From 0c0c2039edd4ee442456b6c5a4863a92b9a50e16 Mon Sep 17 00:00:00 2001
From: =?UTF-8?q?Carlos=20Gonc=CC=A7alves?= <cgoncalves@bitwarden.com>
Date: Tue, 2 Apr 2024 17:18:45 +0100
Subject: [PATCH] Conflict resolution

---
 .checkmarx/config.yml                         |    1 +
 .eslintrc.json                                |   11 +-
 .github/CODEOWNERS                            |    1 +
 .github/renovate.json                         |    4 +
 .github/workflows/build-desktop.yml           |   20 +-
 .github/workflows/build-web.yml               |    4 +-
 .github/workflows/deploy-web.yml              |   34 +
 .github/workflows/release-desktop-beta.yml    |   15 +-
 .github/workflows/release-web.yml             |   93 --
 .github/workflows/scan.yml                    |    9 +-
 .github/workflows/version-bump.yml            |   28 +-
 apps/browser/.eslintrc.json                   |   26 +
 apps/browser/package.json                     |    2 +-
 apps/browser/src/_locales/ar/messages.json    |    6 -
 apps/browser/src/_locales/az/messages.json    |    6 -
 apps/browser/src/_locales/be/messages.json    |    6 -
 apps/browser/src/_locales/bg/messages.json    |    6 -
 apps/browser/src/_locales/bn/messages.json    |    6 -
 apps/browser/src/_locales/bs/messages.json    |    6 -
 apps/browser/src/_locales/ca/messages.json    |    6 -
 apps/browser/src/_locales/cs/messages.json    |    6 -
 apps/browser/src/_locales/cy/messages.json    |    6 -
 apps/browser/src/_locales/da/messages.json    |   24 +-
 apps/browser/src/_locales/de/messages.json    |   16 +-
 apps/browser/src/_locales/el/messages.json    |    6 -
 apps/browser/src/_locales/en/messages.json    |   12 +-
 apps/browser/src/_locales/en_GB/messages.json |    6 -
 apps/browser/src/_locales/en_IN/messages.json |    6 -
 apps/browser/src/_locales/es/messages.json    |    6 -
 apps/browser/src/_locales/et/messages.json    |    6 -
 apps/browser/src/_locales/eu/messages.json    |    6 -
 apps/browser/src/_locales/fa/messages.json    |    6 -
 apps/browser/src/_locales/fi/messages.json    |    6 -
 apps/browser/src/_locales/fil/messages.json   |    6 -
 apps/browser/src/_locales/fr/messages.json    |  104 +-
 apps/browser/src/_locales/gl/messages.json    |    6 -
 apps/browser/src/_locales/he/messages.json    |    6 -
 apps/browser/src/_locales/hi/messages.json    |    6 -
 apps/browser/src/_locales/hr/messages.json    |    6 -
 apps/browser/src/_locales/hu/messages.json    |    6 -
 apps/browser/src/_locales/id/messages.json    |    8 +-
 apps/browser/src/_locales/it/messages.json    |    6 -
 apps/browser/src/_locales/ja/messages.json    |    6 -
 apps/browser/src/_locales/ka/messages.json    |    6 -
 apps/browser/src/_locales/km/messages.json    |    6 -
 apps/browser/src/_locales/kn/messages.json    |    6 -
 apps/browser/src/_locales/ko/messages.json    |    6 -
 apps/browser/src/_locales/lt/messages.json    |    6 -
 apps/browser/src/_locales/lv/messages.json    |    6 -
 apps/browser/src/_locales/ml/messages.json    |    6 -
 apps/browser/src/_locales/mr/messages.json    |    6 -
 apps/browser/src/_locales/my/messages.json    |    6 -
 apps/browser/src/_locales/nb/messages.json    |    6 -
 apps/browser/src/_locales/ne/messages.json    |    6 -
 apps/browser/src/_locales/nl/messages.json    |    6 -
 apps/browser/src/_locales/nn/messages.json    |    6 -
 apps/browser/src/_locales/or/messages.json    |    6 -
 apps/browser/src/_locales/pl/messages.json    |    6 -
 apps/browser/src/_locales/pt_BR/messages.json |    6 -
 apps/browser/src/_locales/pt_PT/messages.json |    8 +-
 apps/browser/src/_locales/ro/messages.json    |    6 -
 apps/browser/src/_locales/ru/messages.json    |    6 -
 apps/browser/src/_locales/si/messages.json    |    6 -
 apps/browser/src/_locales/sk/messages.json    |    6 -
 apps/browser/src/_locales/sl/messages.json    |    6 -
 apps/browser/src/_locales/sr/messages.json    |    6 -
 apps/browser/src/_locales/sv/messages.json    |  102 +-
 apps/browser/src/_locales/te/messages.json    |    6 -
 apps/browser/src/_locales/th/messages.json    |    6 -
 apps/browser/src/_locales/tr/messages.json    |    6 -
 apps/browser/src/_locales/uk/messages.json    |    6 -
 apps/browser/src/_locales/vi/messages.json    |    6 -
 apps/browser/src/_locales/zh_CN/messages.json |   22 +-
 apps/browser/src/_locales/zh_TW/messages.json |   56 +-
 .../service-factories/auth-service.factory.ts |   11 +-
 .../device-trust-crypto-service.factory.ts    |   25 +-
 .../key-connector-service.factory.ts          |   12 +-
 .../login-email-service.factory.ts            |   28 +
 .../login-strategy-service.factory.ts         |   14 +-
 .../token-service.factory.ts                  |   20 +-
 ...user-decryption-options-service.factory.ts |   46 +
 .../user-verification-service.factory.ts      |    6 +
 .../services/account-switcher.service.ts      |    2 +-
 apps/browser/src/auth/popup/hint.component.ts |    6 +-
 .../src/auth/popup/home.component.html        |    2 +-
 apps/browser/src/auth/popup/home.component.ts |   51 +-
 apps/browser/src/auth/popup/lock.component.ts |    3 +
 .../popup/login-via-auth-request.component.ts |   16 +-
 .../src/auth/popup/login.component.html       |    2 +-
 .../browser/src/auth/popup/login.component.ts |   20 +-
 .../popup/services/unauth-guard.service.ts    |    3 -
 .../src/auth/popup/set-password.component.ts  |    3 +
 apps/browser/src/auth/popup/sso.component.ts  |   18 +-
 .../src/auth/popup/two-factor.component.ts    |   24 +-
 .../abstractions/notification.background.ts   |    2 +-
 .../notification.background.spec.ts           |   18 +-
 .../background/notification.background.ts     |    6 +-
 .../background/overlay.background.spec.ts     |   99 +-
 .../autofill/background/overlay.background.ts |   30 +-
 .../background/web-request.background.ts      |    2 +-
 .../browser/context-menu-clicked-handler.ts   |    5 +-
 .../autofill/content/autofill-init.spec.ts    |    1 +
 .../src/autofill/content/autofiller.ts        |    2 +-
 apps/browser/src/autofill/notification/bar.ts |    6 +-
 .../autofill-overlay-iframe.service.ts        |    2 +-
 .../pages/list/autofill-overlay-list.ts       |    2 +-
 .../services/abstractions/autofill.service.ts |    2 +-
 .../autofill-overlay-content.service.spec.ts  |   53 +-
 .../autofill-overlay-content.service.ts       |    6 +-
 .../src/autofill/services/autofill.service.ts |    2 +-
 .../collect-autofill-content.service.spec.ts  |   73 +-
 .../collect-autofill-content.service.ts       |   82 +-
 .../dom-element-visibility.service.ts         |    2 +-
 .../insert-autofill-content.service.spec.ts   |   28 +-
 .../insert-autofill-content.service.ts        |   16 +-
 .../browser/src/background/idle.background.ts |    6 +-
 .../browser/src/background/main.background.ts |   80 +-
 .../src/background/runtime.background.ts      |   19 +-
 .../service-factories/send-service.factory.ts |    4 +-
 .../vault-timeout-settings-service.factory.ts |    6 +
 apps/browser/src/manifest.json                |   22 +-
 apps/browser/src/manifest.v3.json             |   35 +-
 apps/browser/src/platform/background.ts       |   65 +-
 ...g-account-profile-state-service.factory.ts |    7 +-
 .../config-api.service.factory.ts             |   10 +-
 .../config-service.factory.ts                 |   32 +-
 .../storage-service.factory.ts                |   24 +-
 .../src/platform/browser/browser-api.ts       |    6 +-
 .../offscreen-document/offscreen-document.ts  |    4 +-
 .../services/browser-file-download.service.ts |    4 +-
 .../abstractions/browser-state.service.ts     |   13 -
 .../services/browser-config.service.ts        |   28 -
 .../services/browser-environment.service.ts   |   27 +-
 ...ssaging-private-mode-background.service.ts |    2 +-
 ...er-messaging-private-mode-popup.service.ts |    2 +-
 .../services/browser-state.service.spec.ts    |   22 -
 .../services/browser-state.service.ts         |   45 -
 .../src/platform/services/i18n.service.ts     |    7 +
 ...cal-backed-session-storage.service.spec.ts |  104 +-
 .../local-backed-session-storage.service.ts   |   94 +-
 apps/browser/src/popup/app.component.ts       |    8 +-
 apps/browser/src/popup/app.module.ts          |    2 +
 apps/browser/src/popup/scss/base.scss         |    4 +-
 .../src/popup/services/init.service.ts        |    3 -
 .../popup/services/popup-search.service.ts    |    6 +-
 .../src/popup/services/services.module.ts     |  741 +++++------
 .../src/popup/settings/about.component.html   |   30 +-
 .../src/popup/settings/about.component.ts     |   15 +-
 .../src/popup/settings/settings.component.ts  |   12 +-
 .../src/services/browser-send.service.ts      |   15 -
 .../fileless-importer.background.spec.ts      |    2 +-
 .../fileless-importer.background.ts           |    4 +-
 .../popup/settings/export.component.html      |    2 +-
 .../tools/popup/settings/export.component.ts  |    2 +-
 .../src/vault/fido2/content/content-script.ts |    7 +-
 .../components/vault/add-edit.component.html  |   18 +-
 .../components/vault/add-edit.component.ts    |    4 +-
 .../components/vault/collections.component.ts |   11 +-
 .../components/vault/current-tab.component.ts |   23 +-
 .../vault/vault-filter.component.ts           |   12 +-
 .../components/vault/vault-items.component.ts |    4 +-
 .../vault-browser-state.service.spec.ts       |   87 ++
 .../services/vault-browser-state.service.ts   |   65 +
 apps/browser/store/locales/gl/copy.resx       |   48 +-
 apps/browser/tsconfig.json                    |    1 +
 apps/cli/package.json                         |    4 +-
 apps/cli/src/auth/commands/login.command.ts   |    4 +-
 apps/cli/src/bw.ts                            |   55 +-
 apps/cli/src/commands/config.command.ts       |   13 +-
 .../convert-to-key-connector.command.ts       |   11 +-
 apps/cli/src/commands/status.command.ts       |    9 +-
 .../platform/services/cli-config.service.ts   |    9 -
 .../src/tools/send/commands/create.command.ts |    3 +-
 .../src/tools/send/commands/get.command.ts    |    4 +-
 .../src/tools/send/commands/list.command.ts   |    5 +-
 .../tools/send/commands/receive.command.ts    |    8 +-
 .../send/commands/remove-password.command.ts  |    5 +-
 apps/desktop/desktop_native/Cargo.lock        |   95 +-
 apps/desktop/desktop_native/Cargo.toml        |   10 +-
 apps/desktop/electron-builder.json            |   66 +-
 apps/desktop/package.json                     |    2 +-
 .../src/app/accounts/settings.component.html  |   21 +-
 .../src/app/accounts/settings.component.ts    |   73 +-
 apps/desktop/src/app/app.component.ts         |    7 +-
 apps/desktop/src/app/app.module.ts            |    5 +-
 .../app/layout/account-switcher.component.ts  |   11 +-
 apps/desktop/src/app/services/init.service.ts |   22 -
 .../src/app/services/services.module.ts       |  317 +++--
 .../app/tools/export/export.component.html    |    6 +-
 .../src/app/tools/export/export.component.ts  |    2 +-
 .../src/app/tools/generator.component.html    |    4 +-
 .../app/tools/send/add-edit.component.html    |    8 +-
 apps/desktop/src/auth/hint.component.ts       |    6 +-
 apps/desktop/src/auth/lock.component.spec.ts  |   11 +
 apps/desktop/src/auth/lock.component.ts       |    3 +
 .../login/login-via-auth-request.component.ts |   20 +-
 .../src/auth/login/login.component.html       |    4 +-
 .../desktop/src/auth/login/login.component.ts |   17 +-
 .../src/auth/set-password.component.ts        |    3 +
 apps/desktop/src/auth/sso.component.ts        |   11 +-
 apps/desktop/src/auth/two-factor.component.ts |   23 +-
 .../desktop-autofill-settings.service.ts      |   29 +
 apps/desktop/src/locales/af/messages.json     |   21 +-
 apps/desktop/src/locales/ar/messages.json     |   21 +-
 apps/desktop/src/locales/az/messages.json     |   21 +-
 apps/desktop/src/locales/be/messages.json     |   21 +-
 apps/desktop/src/locales/bg/messages.json     |   21 +-
 apps/desktop/src/locales/bn/messages.json     |   21 +-
 apps/desktop/src/locales/bs/messages.json     |   21 +-
 apps/desktop/src/locales/ca/messages.json     |   21 +-
 apps/desktop/src/locales/cs/messages.json     |   21 +-
 apps/desktop/src/locales/cy/messages.json     |   21 +-
 apps/desktop/src/locales/da/messages.json     |   31 +-
 apps/desktop/src/locales/de/messages.json     |   21 +-
 apps/desktop/src/locales/el/messages.json     |  229 ++--
 apps/desktop/src/locales/en/messages.json     |   27 +-
 apps/desktop/src/locales/en_GB/messages.json  |   21 +-
 apps/desktop/src/locales/en_IN/messages.json  |   21 +-
 apps/desktop/src/locales/eo/messages.json     |   21 +-
 apps/desktop/src/locales/es/messages.json     |   21 +-
 apps/desktop/src/locales/et/messages.json     |   21 +-
 apps/desktop/src/locales/eu/messages.json     |   21 +-
 apps/desktop/src/locales/fa/messages.json     |   21 +-
 apps/desktop/src/locales/fi/messages.json     |   21 +-
 apps/desktop/src/locales/fil/messages.json    |   21 +-
 apps/desktop/src/locales/fr/messages.json     |   23 +-
 apps/desktop/src/locales/gl/messages.json     |   21 +-
 apps/desktop/src/locales/he/messages.json     |   29 +-
 apps/desktop/src/locales/hi/messages.json     |   21 +-
 apps/desktop/src/locales/hr/messages.json     |   21 +-
 apps/desktop/src/locales/hu/messages.json     |   21 +-
 apps/desktop/src/locales/id/messages.json     |   21 +-
 apps/desktop/src/locales/it/messages.json     |   21 +-
 apps/desktop/src/locales/ja/messages.json     |   21 +-
 apps/desktop/src/locales/ka/messages.json     |   21 +-
 apps/desktop/src/locales/km/messages.json     |   21 +-
 apps/desktop/src/locales/kn/messages.json     |   21 +-
 apps/desktop/src/locales/ko/messages.json     |   21 +-
 apps/desktop/src/locales/lt/messages.json     |   21 +-
 apps/desktop/src/locales/lv/messages.json     |   25 +-
 apps/desktop/src/locales/me/messages.json     |   21 +-
 apps/desktop/src/locales/ml/messages.json     |   21 +-
 apps/desktop/src/locales/mr/messages.json     |   21 +-
 apps/desktop/src/locales/my/messages.json     |   21 +-
 apps/desktop/src/locales/nb/messages.json     |   21 +-
 apps/desktop/src/locales/ne/messages.json     |   21 +-
 apps/desktop/src/locales/nl/messages.json     |   21 +-
 apps/desktop/src/locales/nn/messages.json     |   21 +-
 apps/desktop/src/locales/or/messages.json     |   21 +-
 apps/desktop/src/locales/pl/messages.json     |   21 +-
 apps/desktop/src/locales/pt_BR/messages.json  |   21 +-
 apps/desktop/src/locales/pt_PT/messages.json  |   21 +-
 apps/desktop/src/locales/ro/messages.json     |   21 +-
 apps/desktop/src/locales/ru/messages.json     |   21 +-
 apps/desktop/src/locales/si/messages.json     |   21 +-
 apps/desktop/src/locales/sk/messages.json     |   21 +-
 apps/desktop/src/locales/sl/messages.json     |   21 +-
 apps/desktop/src/locales/sr/messages.json     |   21 +-
 apps/desktop/src/locales/sv/messages.json     |  139 +-
 apps/desktop/src/locales/te/messages.json     |   21 +-
 apps/desktop/src/locales/th/messages.json     |   21 +-
 apps/desktop/src/locales/tr/messages.json     |   21 +-
 apps/desktop/src/locales/uk/messages.json     |   21 +-
 apps/desktop/src/locales/vi/messages.json     |   21 +-
 apps/desktop/src/locales/zh_CN/messages.json  |   23 +-
 apps/desktop/src/locales/zh_TW/messages.json  |   21 +-
 apps/desktop/src/main.ts                      |   90 +-
 apps/desktop/src/main/menu/menu.help.ts       |  107 +-
 apps/desktop/src/main/menu/menu.main.ts       |    8 +-
 apps/desktop/src/main/menu/menubar.ts         |    5 +
 apps/desktop/src/main/messaging.main.ts       |   16 +-
 .../desktop/src/main/native-messaging.main.ts |    2 +-
 apps/desktop/src/main/tray.main.ts            |   18 +-
 apps/desktop/src/main/window.main.ts          |   19 +-
 apps/desktop/src/package-lock.json            |    4 +-
 apps/desktop/src/package.json                 |    2 +-
 .../biometrics.service.abstraction.ts         |   32 +-
 .../platform}/models/domain/window-state.ts   |    2 +-
 .../services/desktop-settings.service.ts      |  180 +++
 .../services/electron-state.service.ts        |   35 -
 .../platform/services/i18n.main.service.ts    |    8 +
 .../services/i18n.renderer.service.ts         |    8 +
 .../illegal-secure-storage.service.ts         |   28 +
 .../native-message-handler.service.ts         |    8 +-
 .../vault/app/vault/add-edit.component.html   |   21 +-
 .../src/vault/app/vault/add-edit.component.ts |    4 +-
 .../vault/app/vault/collections.component.ts  |   11 +-
 apps/desktop/tsconfig.json                    |    1 +
 apps/desktop/webpack.renderer.js              |    1 +
 apps/web/config/development.json              |    9 +
 apps/web/config/euqa.json                     |   16 +
 apps/web/config/qa.json                       |   16 +
 apps/web/jest.config.js                       |   10 +-
 apps/web/package.json                         |    2 +-
 .../core/services/group/group.service.ts      |    6 +-
 .../core/services/user-admin.service.ts       |    4 +-
 .../layouts/organization-layout.component.ts  |    2 +-
 .../member-dialog/member-dialog.component.ts  |    4 +-
 .../settings/account.component.ts             |    4 +-
 .../vault-export/org-vault-export.module.ts   |    9 +-
 apps/web/src/app/app.component.ts             |    7 +-
 apps/web/src/app/auth/hint.component.ts       |    6 +-
 .../user-key-rotation.service.spec.ts         |   13 +-
 .../key-rotation/user-key-rotation.service.ts |   13 +-
 apps/web/src/app/auth/lock.component.ts       |    3 +
 .../login/login-via-auth-request.component.ts |   70 +-
 .../src/app/auth/login/login.component.html   |    4 +-
 .../web/src/app/auth/login/login.component.ts |   23 +-
 .../emergency-add-edit-cipher.component.ts    |    4 +-
 apps/web/src/app/auth/sso.component.ts        |   11 +-
 apps/web/src/app/auth/two-factor.component.ts |   21 +-
 .../billing/individual/premium.component.ts   |    2 +-
 .../user-subscription.component.html          |    2 +-
 .../individual/user-subscription.component.ts |   82 +-
 ...nization-subscription-cloud.component.html |   31 +-
 ...ganization-subscription-cloud.component.ts |   42 +-
 ...ization-subscription-selfhost.component.ts |    8 +-
 .../billing/shared/add-credit.component.ts    |   10 +-
 .../environment-selector.component.html       |   23 +-
 .../environment-selector.component.ts         |   21 +-
 apps/web/src/app/core/core.module.ts          |   21 +-
 apps/web/src/app/core/init.service.ts         |   16 -
 .../src/app/layouts/user-layout.component.ts  |    2 +-
 .../app/platform/web-environment.service.ts   |   62 +
 .../src/app/platform/web-migration-runner.ts  |    2 +-
 .../tools/vault-export/export.component.html  |    4 +-
 .../tools/vault-export/export.component.ts    |    3 +-
 .../app/tools/vault-export/export.module.ts   |    4 +-
 .../collection-dialog.component.ts            |    4 +-
 .../vault-items/vault-item-event.ts           |    3 +-
 .../vault-items/vault-items.component.html    |    9 +
 .../vault-items/vault-items.component.ts      |   16 +-
 .../vault-items/vault-items.stories.ts        |    4 +-
 .../individual-vault/add-edit.component.html  |   15 +-
 .../individual-vault/add-edit.component.ts    |    4 +-
 .../collections.component.html                |    1 +
 .../individual-vault/collections.component.ts |   14 +-
 .../organization-options.component.ts         |    6 +-
 .../abstractions/vault-filter.service.ts      |    4 +-
 .../services/vault-filter.service.spec.ts     |   27 +-
 .../services/vault-filter.service.ts          |   27 +-
 .../vault-onboarding.component.spec.ts        |    8 +-
 .../vault-onboarding.component.ts             |    6 +-
 .../individual-vault/vault.component.html     |    1 -
 .../vault/individual-vault/vault.component.ts |   15 +-
 .../app/vault/org-vault/add-edit.component.ts |   14 +-
 ...ollection-assignment-dialog.component.html |   66 +
 ...-collection-assignment-dialog.component.ts |  191 +++
 .../index.ts                                  |    1 +
 .../vault/org-vault/collections.component.ts  |   22 +-
 .../vault-filter/vault-filter.service.ts      |    5 +-
 .../app/vault/org-vault/vault.component.html  |    5 +-
 .../app/vault/org-vault/vault.component.ts    |   87 +-
 apps/web/src/locales/af/messages.json         |   43 +-
 apps/web/src/locales/ar/messages.json         |   43 +-
 apps/web/src/locales/az/messages.json         |   47 +-
 apps/web/src/locales/be/messages.json         |   43 +-
 apps/web/src/locales/bg/messages.json         |   47 +-
 apps/web/src/locales/bn/messages.json         |   43 +-
 apps/web/src/locales/bs/messages.json         |   43 +-
 apps/web/src/locales/ca/messages.json         |   51 +-
 apps/web/src/locales/cs/messages.json         |   47 +-
 apps/web/src/locales/cy/messages.json         |   43 +-
 apps/web/src/locales/da/messages.json         |   47 +-
 apps/web/src/locales/de/messages.json         |   47 +-
 apps/web/src/locales/el/messages.json         |   43 +-
 apps/web/src/locales/en/messages.json         |   43 +-
 apps/web/src/locales/en_GB/messages.json      |   43 +-
 apps/web/src/locales/en_IN/messages.json      |   43 +-
 apps/web/src/locales/eo/messages.json         |   43 +-
 apps/web/src/locales/es/messages.json         |   43 +-
 apps/web/src/locales/et/messages.json         |   43 +-
 apps/web/src/locales/eu/messages.json         |   43 +-
 apps/web/src/locales/fa/messages.json         |   43 +-
 apps/web/src/locales/fi/messages.json         |   47 +-
 apps/web/src/locales/fil/messages.json        |   43 +-
 apps/web/src/locales/fr/messages.json         |  121 +-
 apps/web/src/locales/gl/messages.json         |   43 +-
 apps/web/src/locales/he/messages.json         |   43 +-
 apps/web/src/locales/hi/messages.json         |   43 +-
 apps/web/src/locales/hr/messages.json         |   43 +-
 apps/web/src/locales/hu/messages.json         |   47 +-
 apps/web/src/locales/id/messages.json         |   43 +-
 apps/web/src/locales/it/messages.json         |   47 +-
 apps/web/src/locales/ja/messages.json         |   43 +-
 apps/web/src/locales/ka/messages.json         |   43 +-
 apps/web/src/locales/km/messages.json         |   43 +-
 apps/web/src/locales/kn/messages.json         |   43 +-
 apps/web/src/locales/ko/messages.json         |   43 +-
 apps/web/src/locales/lv/messages.json         |   47 +-
 apps/web/src/locales/ml/messages.json         |   43 +-
 apps/web/src/locales/mr/messages.json         |   43 +-
 apps/web/src/locales/my/messages.json         |   43 +-
 apps/web/src/locales/nb/messages.json         |   43 +-
 apps/web/src/locales/ne/messages.json         |   43 +-
 apps/web/src/locales/nl/messages.json         |  107 +-
 apps/web/src/locales/nn/messages.json         |   43 +-
 apps/web/src/locales/or/messages.json         |   43 +-
 apps/web/src/locales/pl/messages.json         |   43 +-
 apps/web/src/locales/pt_BR/messages.json      |   47 +-
 apps/web/src/locales/pt_PT/messages.json      |   43 +-
 apps/web/src/locales/ro/messages.json         |   43 +-
 apps/web/src/locales/ru/messages.json         |   47 +-
 apps/web/src/locales/si/messages.json         |   43 +-
 apps/web/src/locales/sk/messages.json         |   47 +-
 apps/web/src/locales/sl/messages.json         |   43 +-
 apps/web/src/locales/sr/messages.json         |   49 +-
 apps/web/src/locales/sr_CS/messages.json      |   43 +-
 apps/web/src/locales/sv/messages.json         |   47 +-
 apps/web/src/locales/te/messages.json         |   43 +-
 apps/web/src/locales/th/messages.json         |   43 +-
 apps/web/src/locales/tr/messages.json         |   47 +-
 apps/web/src/locales/uk/messages.json         |   47 +-
 apps/web/src/locales/vi/messages.json         |   43 +-
 apps/web/src/locales/zh_CN/messages.json      |   55 +-
 apps/web/src/locales/zh_TW/messages.json      |   43 +-
 apps/web/src/translation-constants.ts         |    9 +
 apps/web/tsconfig.json                        |    1 +
 apps/web/webpack.config.js                    |   20 +-
 .../organizations/manage/scim.component.ts    |   14 +-
 .../providers/providers-layout.component.ts   |    2 +-
 .../providers/setup/setup.component.ts        |    2 +-
 .../bit-web/src/app/app-routing.module.ts     |    1 +
 .../src/app/auth/sso/sso.component.html       |    2 +-
 .../bit-web/src/app/auth/sso/sso.component.ts |    4 +-
 .../layout/navigation.component.ts            |    6 +-
 bitwarden_license/bit-web/tsconfig.json       |    1 +
 .../components/collections.component.ts       |   17 +-
 ...base-login-decryption-options.component.ts |   62 +-
 .../components/captcha-protected.component.ts |    4 +-
 .../environment-selector.component.html       |   69 +-
 .../environment-selector.component.ts         |   53 +-
 .../auth/components/environment.component.ts  |   39 +-
 .../src/auth/components/hint.component.ts     |    6 +-
 .../src/auth/components/lock.component.ts     |   11 +-
 .../login-via-auth-request.component.ts       |   45 +-
 .../src/auth/components/login.component.ts    |   56 +-
 .../auth/components/set-password.component.ts |   15 +-
 .../src/auth/components/sso.component.spec.ts |  116 +-
 .../src/auth/components/sso.component.ts      |   42 +-
 .../two-factor-options.component.ts           |    6 +-
 .../components/two-factor.component.spec.ts   |  113 +-
 .../auth/components/two-factor.component.ts   |   42 +-
 libs/angular/src/auth/guards/lock.guard.ts    |    2 +-
 .../angular/src/auth/guards/redirect.guard.ts |    2 +-
 .../guards/tde-decryption-required.guard.ts   |    2 +-
 .../angular/src/components/share.component.ts |    3 +-
 .../directives/if-feature.directive.spec.ts   |    8 +-
 .../src/directives/if-feature.directive.ts    |    4 +-
 libs/angular/src/jslib.module.ts              |    3 -
 .../form-validation-errors.service.ts         |    2 +-
 .../platform/guard/feature-flag.guard.spec.ts |    8 +-
 .../src/platform/guard/feature-flag.guard.ts  |    4 +-
 .../services/logging-error-handler.ts         |   22 +
 .../theming/theming.service.abstraction.ts    |    4 +-
 .../src/platform/utils/safe-provider.ts       |   82 +-
 .../src/services/jslib-services.module.ts     |  102 +-
 .../src/tools/send/add-edit.component.ts      |    6 +-
 libs/angular/src/tools/send/send.component.ts |    8 +-
 .../vault/components/add-edit.component.ts    |   20 +-
 .../src/vault/components/icon.component.ts    |    7 +-
 .../src/vault/components/premium.component.ts |   14 +-
 .../user-verification-dialog.component.html   |    4 +-
 .../user-verification-dialog.component.ts     |    2 +
 .../user-verification-dialog.types.ts         |    4 +-
 ...ser-verification-form-input.component.html |    4 +-
 .../user-verification-form-input.component.ts |    2 +
 .../auth-request.service.abstraction.ts       |   12 +
 libs/auth/src/common/abstractions/index.ts    |    2 +
 .../abstractions/login-email.service.ts       |   38 +
 .../abstractions/login-strategy.service.ts    |    9 -
 ...-decryption-options.service.abstraction.ts |   34 +
 .../auth-request-login.strategy.spec.ts       |    4 +
 .../auth-request-login.strategy.ts            |    8 +-
 .../login-strategies/login.strategy.spec.ts   |   43 +-
 .../common/login-strategies/login.strategy.ts |   23 +-
 .../password-login.strategy.spec.ts           |    4 +
 .../password-login.strategy.ts                |   45 +-
 .../sso-login.strategy.spec.ts                |    8 +-
 .../login-strategies/sso-login.strategy.ts    |   16 +-
 .../user-api-login.strategy.spec.ts           |   20 +-
 .../user-api-login.strategy.ts                |    8 +-
 .../webauthn-login.strategy.spec.ts           |    4 +
 .../webauthn-login.strategy.ts                |    3 +
 libs/auth/src/common/models/domain/index.ts   |    1 +
 .../models/domain/user-decryption-options.ts  |  165 +++
 libs/auth/src/common/models/index.ts          |    1 +
 .../spec/fake-user-decryption-options.ts      |   38 +
 libs/auth/src/common/models/spec/index.ts     |    1 +
 .../auth-request/auth-request.service.spec.ts |   17 +
 .../auth-request/auth-request.service.ts      |   16 +-
 libs/auth/src/common/services/index.ts        |    2 +
 .../login-email/login-email.service.ts        |   52 +
 .../login-strategy.service.spec.ts            |    9 +-
 .../login-strategy.service.ts                 |   25 +-
 .../user-decryption-options.service.spec.ts   |   94 ++
 .../user-decryption-options.service.ts        |   47 +
 libs/common/spec/fake-account-service.ts      |    3 +
 .../spec/matchers/to-almost-equal.spec.ts     |   54 +
 libs/common/spec/matchers/to-almost-equal.ts  |   20 +
 libs/common/spec/observable-tracker.ts        |   86 ++
 libs/common/src/abstractions/api.service.ts   |    1 -
 .../organization-api.service.abstraction.ts   |    1 -
 .../organization/organization-api.service.ts  |    4 -
 .../abstractions/anonymous-hub.service.ts     |    4 +-
 .../src/auth/abstractions/auth.service.ts     |   16 +-
 .../src/auth/abstractions/avatar.service.ts   |   11 +
 ...device-trust-crypto.service.abstraction.ts |   27 +-
 .../abstractions/key-connector.service.ts     |    1 -
 .../src/auth/abstractions/login.service.ts    |    8 -
 .../src/auth/abstractions/token.service.ts    |   14 +-
 .../src/auth/models/domain/auth-result.ts     |    2 +-
 .../auth/models/domain/environment-urls.ts    |   16 -
 .../key-connector-user-decryption-option.ts   |    3 -
 .../trusted-device-user-decryption-option.ts  |    7 -
 .../auth/services/anonymous-hub.service.ts    |   31 +-
 .../src/auth/services/auth.service.spec.ts    |  161 +++
 libs/common/src/auth/services/auth.service.ts |   51 +-
 .../src/auth/services/avatar.service.ts       |    4 +
 ...ice-trust-crypto.service.implementation.ts |  152 ++-
 .../device-trust-crypto.service.spec.ts       |  339 +++--
 .../services/key-connector.service.spec.ts    |  376 ++++++
 .../auth/services/key-connector.service.ts    |   60 +-
 .../common/src/auth/services/login.service.ts |   35 -
 .../src/auth/services/token.service.spec.ts   |  371 +++---
 .../common/src/auth/services/token.service.ts |  212 ++-
 .../src/auth/services/token.state.spec.ts     |    2 -
 libs/common/src/auth/services/token.state.ts  |   12 +-
 .../user-verification.service.ts              |   21 +-
 .../webauthn-login-api.service.ts             |    5 +-
 ...ling-account-profile-state.service.spec.ts |  189 ++-
 .../billing-account-profile-state.service.ts  |   28 +-
 .../billing/services/billing-api.service.ts   |    4 +-
 libs/common/src/enums/feature-flag.enum.ts    |    2 -
 .../platform/abstractions/app-id.service.ts   |    8 +-
 .../abstractions/broadcaster.service.ts       |    6 +-
 .../config/config-api.service.abstraction.ts  |    6 +-
 .../config/config.service.abstraction.ts      |   30 -
 .../abstractions/config/config.service.ts     |   47 +
 .../abstractions/config/server-config.ts      |    5 -
 .../abstractions/crypto-function.service.ts   |   62 +-
 .../platform/abstractions/crypto.service.ts   |  169 +--
 .../platform/abstractions/encrypt.service.ts  |   23 +-
 .../abstractions/environment.service.ts       |  135 +-
 .../file-download/file-download.service.ts    |    2 +-
 .../file-upload/file-upload.service.ts        |    4 +-
 .../src/platform/abstractions/i18n.service.ts |    4 +-
 .../abstractions/key-generation.service.ts    |   14 +-
 .../src/platform/abstractions/log.service.ts  |   10 +-
 .../abstractions/messaging.service.ts         |    2 +-
 .../abstractions/platform-utils.service.ts    |   52 +-
 .../platform/abstractions/state.service.ts    |   62 +-
 .../platform/abstractions/system.service.ts   |    8 +-
 .../abstractions/translation.service.ts       |   12 +-
 .../abstractions/validation.service.ts        |    2 +-
 .../biometric-state.service.spec.ts           |   87 +-
 .../biometrics/biometric-state.service.ts     |   80 +-
 .../biometrics/biometric.state.spec.ts        |    2 +-
 .../platform/biometrics/biometric.state.ts    |    3 +-
 .../models/domain/account-keys.spec.ts        |   38 -
 .../src/platform/models/domain/account.ts     |  118 --
 .../platform/models/domain/global-state.ts    |   20 -
 .../services/config/config-api.service.ts     |   12 +-
 .../services/config/config.service.spec.ts    |  357 +++--
 .../services/config/config.service.ts         |  127 --
 .../services/config/default-config.service.ts |  177 +++
 .../src/platform/services/crypto.service.ts   |   16 +-
 .../default-environment.service.spec.ts       |  418 ++++++
 .../services/default-environment.service.ts   |  433 +++++++
 .../services/environment.service.spec.ts      |  535 --------
 .../platform/services/environment.service.ts  |  418 ------
 .../migration-builder.service.spec.ts         |    1 +
 .../src/platform/services/migration-runner.ts |    1 +
 .../src/platform/services/state.service.ts    |  437 +------
 .../platform/services/translation.service.ts  |    7 +
 .../platform/state/derived-state.provider.ts  |    4 +-
 .../platform/state/global-state.provider.ts   |    2 +-
 libs/common/src/platform/state/index.ts       |    2 +-
 .../src/platform/state/state-definitions.ts   |   19 +-
 .../src/platform/state/state.provider.ts      |    8 +-
 .../src/platform/state/user-state.provider.ts |    2 +-
 libs/common/src/platform/state/user-state.ts  |   21 +-
 .../platform/theming/theme-state.service.ts   |    4 +-
 libs/common/src/services/api.service.ts       |   45 +-
 .../src/services/notifications.service.ts     |    5 +-
 .../vault-timeout-settings.service.spec.ts    |   39 +-
 .../vault-timeout-settings.service.ts         |   18 +-
 libs/common/src/state-migrations/migrate.ts   |   20 +-
 .../migration-builder.spec.ts                 |   14 +-
 .../state-migrations/migration-helper.spec.ts |   18 +-
 .../src/state-migrations/migration-helper.ts  |   19 +-
 ...ard-and-identity-to-state-provider.spec.ts |    4 +-
 ...how-card-and-identity-to-state-provider.ts |    4 +-
 ...igrate-token-svc-to-state-provider.spec.ts |  144 ++-
 .../38-migrate-token-svc-to-state-provider.ts |   20 +-
 ...cryption-options-to-state-provider.spec.ts |  238 ++++
 ...er-decryption-options-to-state-provider.ts |   57 +
 .../45-merge-environment-state.spec.ts        |  164 +++
 .../migrations/45-merge-environment-state.ts  |   83 ++
 ...ete-orphaned-biometric-prompt-data.spec.ts |   28 +
 ...6-delete-orphaned-biometric-prompt-data.ts |   23 +
 .../47-move-desktop-settings.spec.ts          |  116 ++
 .../migrations/47-move-desktop-settings.ts    |  128 ++
 .../48-move-ddg-to-state-provider.spec.ts     |   47 +
 .../48-move-ddg-to-state-provider.ts          |   40 +
 .../49-move-account-server-configs.spec.ts    |  112 ++
 .../49-move-account-server-configs.ts         |   51 +
 ...ve-key-connector-to-state-provider.spec.ts |  174 +++
 ...50-move-key-connector-to-state-provider.ts |   78 ++
 ...emembered-email-to-state-providers.spec.ts |   81 ++
 ...ove-remembered-email-to-state-providers.ts |   46 +
 .../52-delete-installed-version.spec.ts       |   35 +
 .../migrations/52-delete-installed-version.ts |   19 +
 ...rust-crypto-svc-to-state-providers.spec.ts |  171 +++
 ...ice-trust-crypto-svc-to-state-providers.ts |   95 ++
 ...move-local-data-to-state-provider.spec.ts} |   10 +-
 ...> 54-move-local-data-to-state-provider.ts} |    2 +-
 .../src/state-migrations/migrator.spec.ts     |    2 +-
 .../generator-history.abstraction.ts          |   47 +
 .../generator-strategy.abstraction.ts         |    9 +-
 .../default-generator.service.spec.ts         |   36 +-
 .../generator/default-generator.service.ts    |   14 +-
 .../history/generated-credential.spec.ts      |   58 +
 .../generator/history/generated-credential.ts |   47 +
 .../src/tools/generator/history/index.ts      |    2 +
 .../local-generator-history.service.spec.ts   |  198 +++
 .../local-generator-history.service.ts        |  116 ++
 .../src/tools/generator/history/options.ts    |   10 +
 .../tools/generator/key-definition.spec.ts    |    9 -
 .../src/tools/generator/key-definitions.ts    |   11 +-
 .../passphrase-generator-policy.spec.ts       |   51 +
 .../passphrase/passphrase-generator-policy.ts |   26 +
 .../passphrase-generator-strategy.spec.ts     |   34 +-
 .../passphrase-generator-strategy.ts          |   31 +-
 .../password-generator-policy.spec.ts         |   55 +
 .../password/password-generator-policy.ts     |   27 +
 .../password-generator-strategy.spec.ts       |   34 +-
 .../password/password-generator-strategy.ts   |   33 +-
 .../reduce-collection.operator.spec.ts        |   33 +
 .../generator/reduce-collection.operator.ts   |   20 +
 .../generator/state/classified-format.ts      |   19 +
 .../state/data-packer.abstraction.ts          |    2 +-
 .../state/padded-data-packer.spec.ts          |   10 -
 .../generator/state/padded-data-packer.ts     |    2 +-
 .../generator/state/secret-classifier.spec.ts |   18 +-
 .../generator/state/secret-classifier.ts      |   22 +-
 .../state/secret-key-definition.spec.ts       |  208 +++
 .../generator/state/secret-key-definition.ts  |  107 ++
 .../generator/state/secret-state.spec.ts      |  119 +-
 .../src/tools/generator/state/secret-state.ts |  242 ++--
 .../state/user-encryptor.abstraction.ts       |   18 +-
 .../state/user-key-encryptor.spec.ts          |   77 +-
 .../generator/state/user-key-encryptor.ts     |   33 +-
 .../catchall-generator-strategy.spec.ts       |   46 +-
 .../username/catchall-generator-strategy.ts   |   18 +-
 .../eff-username-generator-strategy.spec.ts   |   46 +-
 .../eff-username-generator-strategy.ts        |   18 +-
 .../forwarder-generator-strategy.spec.ts      |   25 +-
 .../username/forwarder-generator-strategy.ts  |   38 +-
 .../subaddress-generator-strategy.spec.ts     |   46 +-
 .../username/subaddress-generator-strategy.ts |   18 +-
 .../src/vault/abstractions/cipher.service.ts  |   14 +
 .../vault/abstractions/collection.service.ts  |    2 +
 .../vault/models/domain/collection.spec.ts    |    1 +
 .../cipher-bulk-update-collections.request.ts |   19 +
 .../src/vault/models/view/collection.view.ts  |   23 +
 .../src/vault/services/cipher.service.spec.ts |    4 +-
 .../src/vault/services/cipher.service.ts      |   58 +-
 .../fido2/fido2-client.service.spec.ts        |    6 +-
 .../services/fido2/fido2-client.service.ts    |    4 +-
 .../src/vault/services/sync/sync.service.ts   |   28 +-
 libs/common/test.setup.ts                     |    8 +
 libs/components/src/icon/icon.stories.ts      |   27 +-
 .../components/kitchen-sink-form.component.ts |  176 +++
 .../components/kitchen-sink-main.component.ts |  117 ++
 .../kitchen-sink-table.component.ts           |   49 +
 .../kitchen-sink-toggle-list.component.ts     |   34 +
 .../src/stories/kitchen-sink/index.ts         |    1 +
 .../kitchen-sink-shared.module.ts             |  114 ++
 .../src/stories/kitchen-sink/kitchen-sink.mdx |   15 +
 .../kitchen-sink/kitchen-sink.stories.ts      |  172 +++
 .../cipher-with-collections.json.ts           |   37 +
 .../lastpass-direct-import.service.ts         |    7 +-
 .../src/services/import.service.spec.ts       |   56 +
 libs/importer/src/services/import.service.ts  |    6 +-
 libs/shared/tsconfig.libs.json                |    1 +
 libs/tools/export/vault-export/README.md      |    2 +
 .../vault-export-ui/jest.config.js            |   13 +
 .../vault-export/vault-export-ui/package.json |   25 +
 .../export-scope-callout.component.html       |    4 +-
 .../export-scope-callout.component.ts         |    7 +-
 .../src}/components/export.component.ts       |    3 +-
 .../vault-export/vault-export-ui/src/index.ts |    2 +
 .../vault-export-ui/tsconfig.json             |    5 +
 .../vault-export-ui/tsconfig.spec.json        |    3 +
 package-lock.json                             | 1143 +++++++++++++----
 package.json                                  |   24 +-
 tsconfig.eslint.json                          |    1 +
 tsconfig.json                                 |    1 +
 699 files changed, 17230 insertions(+), 8095 deletions(-)
 create mode 100644 apps/browser/.eslintrc.json
 create mode 100644 apps/browser/src/auth/background/service-factories/login-email-service.factory.ts
 create mode 100644 apps/browser/src/auth/background/service-factories/user-decryption-options-service.factory.ts
 rename apps/browser/src/platform/{ => popup}/services/browser-file-download.service.ts (93%)
 delete mode 100644 apps/browser/src/platform/services/browser-config.service.ts
 delete mode 100644 apps/browser/src/services/browser-send.service.ts
 create mode 100644 apps/browser/src/vault/services/vault-browser-state.service.spec.ts
 create mode 100644 apps/browser/src/vault/services/vault-browser-state.service.ts
 delete mode 100644 apps/cli/src/platform/services/cli-config.service.ts
 create mode 100644 apps/desktop/src/autofill/services/desktop-autofill-settings.service.ts
 rename {libs/common/src => apps/desktop/src/platform}/models/domain/window-state.ts (89%)
 create mode 100644 apps/desktop/src/platform/services/desktop-settings.service.ts
 create mode 100644 apps/desktop/src/platform/services/illegal-secure-storage.service.ts
 create mode 100644 apps/web/src/app/platform/web-environment.service.ts
 create mode 100644 apps/web/src/app/vault/org-vault/bulk-collection-assignment-dialog/bulk-collection-assignment-dialog.component.html
 create mode 100644 apps/web/src/app/vault/org-vault/bulk-collection-assignment-dialog/bulk-collection-assignment-dialog.component.ts
 create mode 100644 apps/web/src/app/vault/org-vault/bulk-collection-assignment-dialog/index.ts
 create mode 100644 libs/angular/src/platform/services/logging-error-handler.ts
 create mode 100644 libs/auth/src/common/abstractions/login-email.service.ts
 create mode 100644 libs/auth/src/common/abstractions/user-decryption-options.service.abstraction.ts
 create mode 100644 libs/auth/src/common/models/domain/user-decryption-options.ts
 create mode 100644 libs/auth/src/common/models/spec/fake-user-decryption-options.ts
 create mode 100644 libs/auth/src/common/models/spec/index.ts
 create mode 100644 libs/auth/src/common/services/login-email/login-email.service.ts
 create mode 100644 libs/auth/src/common/services/user-decryption-options/user-decryption-options.service.spec.ts
 create mode 100644 libs/auth/src/common/services/user-decryption-options/user-decryption-options.service.ts
 create mode 100644 libs/common/spec/matchers/to-almost-equal.spec.ts
 create mode 100644 libs/common/spec/matchers/to-almost-equal.ts
 create mode 100644 libs/common/spec/observable-tracker.ts
 delete mode 100644 libs/common/src/auth/abstractions/login.service.ts
 delete mode 100644 libs/common/src/auth/models/domain/environment-urls.ts
 delete mode 100644 libs/common/src/auth/models/domain/user-decryption-options/key-connector-user-decryption-option.ts
 delete mode 100644 libs/common/src/auth/models/domain/user-decryption-options/trusted-device-user-decryption-option.ts
 create mode 100644 libs/common/src/auth/services/auth.service.spec.ts
 create mode 100644 libs/common/src/auth/services/key-connector.service.spec.ts
 delete mode 100644 libs/common/src/auth/services/login.service.ts
 delete mode 100644 libs/common/src/platform/abstractions/config/config.service.abstraction.ts
 create mode 100644 libs/common/src/platform/abstractions/config/config.service.ts
 delete mode 100644 libs/common/src/platform/services/config/config.service.ts
 create mode 100644 libs/common/src/platform/services/config/default-config.service.ts
 create mode 100644 libs/common/src/platform/services/default-environment.service.spec.ts
 create mode 100644 libs/common/src/platform/services/default-environment.service.ts
 delete mode 100644 libs/common/src/platform/services/environment.service.spec.ts
 delete mode 100644 libs/common/src/platform/services/environment.service.ts
 create mode 100644 libs/common/src/state-migrations/migrations/44-move-user-decryption-options-to-state-provider.spec.ts
 create mode 100644 libs/common/src/state-migrations/migrations/44-move-user-decryption-options-to-state-provider.ts
 create mode 100644 libs/common/src/state-migrations/migrations/45-merge-environment-state.spec.ts
 create mode 100644 libs/common/src/state-migrations/migrations/45-merge-environment-state.ts
 create mode 100644 libs/common/src/state-migrations/migrations/46-delete-orphaned-biometric-prompt-data.spec.ts
 create mode 100644 libs/common/src/state-migrations/migrations/46-delete-orphaned-biometric-prompt-data.ts
 create mode 100644 libs/common/src/state-migrations/migrations/47-move-desktop-settings.spec.ts
 create mode 100644 libs/common/src/state-migrations/migrations/47-move-desktop-settings.ts
 create mode 100644 libs/common/src/state-migrations/migrations/48-move-ddg-to-state-provider.spec.ts
 create mode 100644 libs/common/src/state-migrations/migrations/48-move-ddg-to-state-provider.ts
 create mode 100644 libs/common/src/state-migrations/migrations/49-move-account-server-configs.spec.ts
 create mode 100644 libs/common/src/state-migrations/migrations/49-move-account-server-configs.ts
 create mode 100644 libs/common/src/state-migrations/migrations/50-move-key-connector-to-state-provider.spec.ts
 create mode 100644 libs/common/src/state-migrations/migrations/50-move-key-connector-to-state-provider.ts
 create mode 100644 libs/common/src/state-migrations/migrations/51-move-remembered-email-to-state-providers.spec.ts
 create mode 100644 libs/common/src/state-migrations/migrations/51-move-remembered-email-to-state-providers.ts
 create mode 100644 libs/common/src/state-migrations/migrations/52-delete-installed-version.spec.ts
 create mode 100644 libs/common/src/state-migrations/migrations/52-delete-installed-version.ts
 create mode 100644 libs/common/src/state-migrations/migrations/53-migrate-device-trust-crypto-svc-to-state-providers.spec.ts
 create mode 100644 libs/common/src/state-migrations/migrations/53-migrate-device-trust-crypto-svc-to-state-providers.ts
 rename libs/common/src/state-migrations/migrations/{44-move-local-data-to-state-provider.spec.ts => 54-move-local-data-to-state-provider.spec.ts} (90%)
 rename libs/common/src/state-migrations/migrations/{44-move-local-data-to-state-provider.ts => 54-move-local-data-to-state-provider.ts} (96%)
 create mode 100644 libs/common/src/tools/generator/abstractions/generator-history.abstraction.ts
 create mode 100644 libs/common/src/tools/generator/history/generated-credential.spec.ts
 create mode 100644 libs/common/src/tools/generator/history/generated-credential.ts
 create mode 100644 libs/common/src/tools/generator/history/index.ts
 create mode 100644 libs/common/src/tools/generator/history/local-generator-history.service.spec.ts
 create mode 100644 libs/common/src/tools/generator/history/local-generator-history.service.ts
 create mode 100644 libs/common/src/tools/generator/history/options.ts
 create mode 100644 libs/common/src/tools/generator/passphrase/passphrase-generator-policy.spec.ts
 create mode 100644 libs/common/src/tools/generator/password/password-generator-policy.spec.ts
 create mode 100644 libs/common/src/tools/generator/reduce-collection.operator.spec.ts
 create mode 100644 libs/common/src/tools/generator/reduce-collection.operator.ts
 create mode 100644 libs/common/src/tools/generator/state/classified-format.ts
 create mode 100644 libs/common/src/tools/generator/state/secret-key-definition.spec.ts
 create mode 100644 libs/common/src/tools/generator/state/secret-key-definition.ts
 create mode 100644 libs/common/src/vault/models/request/cipher-bulk-update-collections.request.ts
 create mode 100644 libs/components/src/stories/kitchen-sink/components/kitchen-sink-form.component.ts
 create mode 100644 libs/components/src/stories/kitchen-sink/components/kitchen-sink-main.component.ts
 create mode 100644 libs/components/src/stories/kitchen-sink/components/kitchen-sink-table.component.ts
 create mode 100644 libs/components/src/stories/kitchen-sink/components/kitchen-sink-toggle-list.component.ts
 create mode 100644 libs/components/src/stories/kitchen-sink/index.ts
 create mode 100644 libs/components/src/stories/kitchen-sink/kitchen-sink-shared.module.ts
 create mode 100644 libs/components/src/stories/kitchen-sink/kitchen-sink.mdx
 create mode 100644 libs/components/src/stories/kitchen-sink/kitchen-sink.stories.ts
 create mode 100644 libs/importer/spec/test-data/bitwarden-json/cipher-with-collections.json.ts
 create mode 100644 libs/tools/export/vault-export/vault-export-ui/jest.config.js
 create mode 100644 libs/tools/export/vault-export/vault-export-ui/package.json
 rename libs/{angular/src/tools/export => tools/export/vault-export/vault-export-ui/src}/components/export-scope-callout.component.html (59%)
 rename libs/{angular/src/tools/export => tools/export/vault-export/vault-export-ui/src}/components/export-scope-callout.component.ts (86%)
 rename libs/{angular/src/tools/export => tools/export/vault-export/vault-export-ui/src}/components/export.component.ts (98%)
 create mode 100644 libs/tools/export/vault-export/vault-export-ui/src/index.ts
 create mode 100644 libs/tools/export/vault-export/vault-export-ui/tsconfig.json
 create mode 100644 libs/tools/export/vault-export/vault-export-ui/tsconfig.spec.json

diff --git a/.checkmarx/config.yml b/.checkmarx/config.yml
index 18b9be6a7e..e45e83fcac 100644
--- a/.checkmarx/config.yml
+++ b/.checkmarx/config.yml
@@ -7,5 +7,6 @@ checkmarx:
   scan:
     configs:
       sast:
+        presetName: "BW ASA Premium"
         # Exclude spec files, and test specific files
         filter: "!*.spec.ts,!**/spec/**,!apps/desktop/native-messaging-test-runner/**"
diff --git a/.eslintrc.json b/.eslintrc.json
index 47d45f23c3..671e7b2fab 100644
--- a/.eslintrc.json
+++ b/.eslintrc.json
@@ -67,7 +67,7 @@
             "pathGroupsExcludedImportTypes": ["builtin"]
           }
         ],
-        "rxjs-angular/prefer-takeuntil": "error",
+        "rxjs-angular/prefer-takeuntil": ["error", { "alias": ["takeUntilDestroyed"] }],
         "rxjs/no-exposed-subjects": ["error", { "allowProtected": true }],
         "no-restricted-syntax": [
           "error",
@@ -191,6 +191,15 @@
         ]
       }
     },
+    {
+      "files": ["libs/tools/export/vault-export/vault-export-ui/src/**/*.ts"],
+      "rules": {
+        "no-restricted-imports": [
+          "error",
+          { "patterns": ["@bitwarden/vault-export-ui/*", "src/**/*"] }
+        ]
+      }
+    },
     {
       "files": ["libs/importer/src/**/*.ts"],
       "rules": {
diff --git a/.github/CODEOWNERS b/.github/CODEOWNERS
index bfce3c1547..bfad3f2628 100644
--- a/.github/CODEOWNERS
+++ b/.github/CODEOWNERS
@@ -83,6 +83,7 @@ apps/web/src/translation-constants.ts @bitwarden/team-platform-dev
 
 ## Autofill team files ##
 apps/browser/src/autofill @bitwarden/team-autofill-dev
+apps/desktop/src/autofill @bitwarden/team-autofill-dev
 libs/common/src/autofill @bitwarden/team-autofill-dev
 
 ## Component Library ##
diff --git a/.github/renovate.json b/.github/renovate.json
index bd9ea0da5c..95fd2dc11e 100644
--- a/.github/renovate.json
+++ b/.github/renovate.json
@@ -16,6 +16,10 @@
       "matchManagers": ["cargo"],
       "commitMessagePrefix": "[deps] Platform:"
     },
+    {
+      "groupName": "napi",
+      "matchPackageNames": ["napi", "napi-build", "napi-derive"]
+    },
     {
       "matchPackageNames": ["typescript", "zone.js"],
       "matchUpdateTypes": ["major", "minor"],
diff --git a/.github/workflows/build-desktop.yml b/.github/workflows/build-desktop.yml
index 2c28d0cb52..e73f882bb4 100644
--- a/.github/workflows/build-desktop.yml
+++ b/.github/workflows/build-desktop.yml
@@ -444,7 +444,10 @@ jobs:
 
   macos-build:
     name: MacOS Build
-    runs-on: macos-13
+    # Note, this workflow is running on macOS 11 to maintain compatibility with macOS 10.15 Catalina, 
+    # as the newer versions will case the native modules to be incompatible with older macOS systems
+    # This version should stay pinned until we drop support for macOS 10.15, or we drop the native modules
+    runs-on: macos-11
     needs: setup
     env:
       _PACKAGE_VERSION: ${{ needs.setup.outputs.package_version }}
@@ -602,7 +605,10 @@ jobs:
 
   macos-package-github:
     name: MacOS Package GitHub Release Assets
-    runs-on: macos-13
+    # Note, this workflow is running on macOS 11 to maintain compatibility with macOS 10.15 Catalina, 
+    # as the newer versions will case the native modules to be incompatible with older macOS systems
+    # This version should stay pinned until we drop support for macOS 10.15, or we drop the native modules
+    runs-on: macos-11
     needs:
       - browser-build
       - macos-build
@@ -808,7 +814,10 @@ jobs:
 
   macos-package-mas:
     name: MacOS Package Prod Release Asset
-    runs-on: macos-13
+    # Note, this workflow is running on macOS 11 to maintain compatibility with macOS 10.15 Catalina, 
+    # as the newer versions will case the native modules to be incompatible with older macOS systems
+    # This version should stay pinned until we drop support for macOS 10.15, or we drop the native modules
+    runs-on: macos-11
     needs:
       - browser-build
       - macos-build
@@ -1006,7 +1015,10 @@ jobs:
   macos-package-dev:
     name: MacOS Package Dev Release Asset
     if: false  # We need to look into how code signing works for dev
-    runs-on: macos-13
+    # Note, this workflow is running on macOS 11 to maintain compatibility with macOS 10.15 Catalina, 
+    # as the newer versions will case the native modules to be incompatible with older macOS systems
+    # This version should stay pinned until we drop support for macOS 10.15, or we drop the native modules
+    runs-on: macos-11
     needs:
       - browser-build
       - macos-build
diff --git a/.github/workflows/build-web.yml b/.github/workflows/build-web.yml
index abd2538773..8576fb6760 100644
--- a/.github/workflows/build-web.yml
+++ b/.github/workflows/build-web.yml
@@ -299,7 +299,7 @@ jobs:
           keyvault: "bitwarden-ci"
           secrets: "github-pat-bitwarden-devops-bot-repo-scope"
 
-      - name: Trigger web vault deploy
+      - name: Trigger web vault deploy using GitHub Run ID
         uses: actions/github-script@60a0d83039c74a4aee543508d2ffcb1c3799cdea # v7.0.1
         with:
           github-token: ${{ steps.retrieve-secret-pat.outputs.github-pat-bitwarden-devops-bot-repo-scope }}
@@ -311,7 +311,7 @@ jobs:
               ref: 'main',
               inputs: {
                 'environment': 'USDEV',
-                'branch-or-tag': 'main'
+                'build-web-run-id': '${{ github.run_id }}'
               }
             })
 
diff --git a/.github/workflows/deploy-web.yml b/.github/workflows/deploy-web.yml
index 2d784652a5..769e700588 100644
--- a/.github/workflows/deploy-web.yml
+++ b/.github/workflows/deploy-web.yml
@@ -27,6 +27,10 @@ on:
         description: "Debug mode"
         type: boolean
         default: true
+      build-web-run-id:
+        description: "Build-web workflow Run ID to use for artifact download"
+        type: string
+        required: false
 
   workflow_call:
     inputs:
@@ -46,6 +50,10 @@ on:
         description: "Debug mode"
         type: boolean
         default: true
+      build-web-run-id:
+        description: "Build-web workflow Run ID to use for artifact download"
+        type: string
+        required: false
 
 permissions:
   deployments: write
@@ -168,7 +176,20 @@ jobs:
     env:
       _ENVIRONMENT_ARTIFACT: ${{ needs.setup.outputs.environment-artifact }}
     steps:
+      - name: 'Download latest cloud asset using GitHub Run ID: ${{ inputs.build-web-run-id }}'
+        if: ${{ inputs.build-web-run-id }}
+        uses: bitwarden/gh-actions/download-artifacts@main
+        id: download-latest-artifacts
+        continue-on-error: true
+        with:
+          workflow: build-web.yml
+          path: apps/web
+          workflow_conclusion: success
+          run_id: ${{ inputs.build-web-run-id }}
+          artifacts: ${{ env._ENVIRONMENT_ARTIFACT }}
+
       - name: 'Download latest cloud asset from branch/tag: ${{ inputs.branch-or-tag }}'
+        if: ${{ !inputs.build-web-run-id }}
         uses: bitwarden/gh-actions/download-artifacts@main
         id: download-artifacts
         continue-on-error: true
@@ -249,7 +270,20 @@ jobs:
           keyvault: ${{ needs.setup.outputs.retrieve-secrets-keyvault }}
           secrets: "sa-bitwarden-web-vault-name,sp-bitwarden-web-vault-password,sp-bitwarden-web-vault-appid,sp-bitwarden-web-vault-tenant"
 
+      - name: 'Download latest cloud asset using GitHub Run ID: ${{ inputs.build-web-run-id }}'
+        if: ${{ inputs.build-web-run-id }}
+        uses: bitwarden/gh-actions/download-artifacts@main
+        id: download-latest-artifacts
+        continue-on-error: true
+        with:
+          workflow: build-web.yml
+          path: apps/web
+          workflow_conclusion: success
+          run_id: ${{ inputs.build-web-run-id }}
+          artifacts: ${{ env._ENVIRONMENT_ARTIFACT }}
+
       - name: 'Download cloud asset from branch/tag: ${{ inputs.branch-or-tag }}'
+        if: ${{ !inputs.build-web-run-id }}
         uses: bitwarden/gh-actions/download-artifacts@main
         with:
           workflow: build-web.yml
diff --git a/.github/workflows/release-desktop-beta.yml b/.github/workflows/release-desktop-beta.yml
index 20bffb956e..b9e2d7a8c8 100644
--- a/.github/workflows/release-desktop-beta.yml
+++ b/.github/workflows/release-desktop-beta.yml
@@ -393,7 +393,10 @@ jobs:
 
   macos-build:
     name: MacOS Build
-    runs-on: macos-13
+    # Note, this workflow is running on macOS 11 to maintain compatibility with macOS 10.15 Catalina, 
+    # as the newer versions will case the native modules to be incompatible with older macOS systems
+    # This version should stay pinned until we drop support for macOS 10.15, or we drop the native modules
+    runs-on: macos-11
     needs: setup
     env:
       _PACKAGE_VERSION: ${{ needs.setup.outputs.release-version }}
@@ -522,7 +525,10 @@ jobs:
 
   macos-package-github:
     name: MacOS Package GitHub Release Assets
-    runs-on: macos-13
+    # Note, this workflow is running on macOS 11 to maintain compatibility with macOS 10.15 Catalina, 
+    # as the newer versions will case the native modules to be incompatible with older macOS systems
+    # This version should stay pinned until we drop support for macOS 10.15, or we drop the native modules  
+    runs-on: macos-11
     needs:
       - setup
       - macos-build
@@ -732,7 +738,10 @@ jobs:
 
   macos-package-mas:
     name: MacOS Package Prod Release Asset
-    runs-on: macos-13
+    # Note, this workflow is running on macOS 11 to maintain compatibility with macOS 10.15 Catalina, 
+    # as the newer versions will case the native modules to be incompatible with older macOS systems
+    # This version should stay pinned until we drop support for macOS 10.15, or we drop the native modules    
+    runs-on: macos-11
     needs:
       - setup
       - macos-build
diff --git a/.github/workflows/release-web.yml b/.github/workflows/release-web.yml
index 3e07f7fc98..2da6daaa19 100644
--- a/.github/workflows/release-web.yml
+++ b/.github/workflows/release-web.yml
@@ -113,105 +113,12 @@ jobs:
       - name: Log out of Docker
         run: docker logout
 
-
-  ghpages-deploy:
-    name: Create Deploy PR for GitHub Pages
-    runs-on: ubuntu-22.04
-    needs: setup
-    env:
-      _RELEASE_VERSION: ${{ needs.setup.outputs.release_version }}
-      _TAG_VERSION: ${{ needs.setup.outputs.tag_version }}
-      _BRANCH: "v${{ needs.setup.outputs.release_version }}-deploy"
-    steps:
-      - name: Login to Azure - CI Subscription
-        uses: Azure/login@e15b166166a8746d1a47596803bd8c1b595455cf # v1.6.0
-        with:
-          creds: ${{ secrets.AZURE_KV_CI_SERVICE_PRINCIPAL }}
-
-      - name: Retrieve bot secrets
-        id: retrieve-bot-secrets
-        uses: bitwarden/gh-actions/get-keyvault-secrets@main
-        with:
-          keyvault: bitwarden-ci
-          secrets: "github-pat-bitwarden-devops-bot-repo-scope"
-
-      - name: Checkout GH pages repo
-        uses: actions/checkout@b4ffde65f46336ab88eb53be808477a3936bae11 # v4.1.1
-        with:
-          repository: bitwarden/web-vault-pages
-          path: ghpages-deployment
-          token: ${{ steps.retrieve-bot-secrets.outputs.github-pat-bitwarden-devops-bot-repo-scope }}
-
-      - name: Download latest cloud asset
-        if: ${{ github.event.inputs.release_type != 'Dry Run' }}
-        uses: bitwarden/gh-actions/download-artifacts@main
-        with:
-          workflow: build-web.yml
-          path: assets
-          workflow_conclusion: success
-          branch: ${{ github.ref_name }}
-          artifacts: web-*-cloud-COMMERCIAL.zip
-
-      - name: Dry Run - Download latest cloud asset
-        if: ${{ github.event.inputs.release_type == 'Dry Run' }}
-        uses: bitwarden/gh-actions/download-artifacts@main
-        with:
-          workflow: build-web.yml
-          path: assets
-          workflow_conclusion: success
-          branch: main
-          artifacts: web-*-cloud-COMMERCIAL.zip
-
-      - name: Unzip build asset
-        working-directory: assets
-        run: unzip web-*-cloud-COMMERCIAL.zip
-
-      - name: Create new branch
-        run: |
-          cd ${{ github.workspace }}/ghpages-deployment
-          git config user.name = "GitHub Action Bot"
-          git config user.email = "<>"
-          git config --global url."https://github.com/".insteadOf ssh://git@github.com/
-          git config --global url."https://".insteadOf ssh://
-          git checkout -b ${_BRANCH}
-
-      - name: Copy build files
-        run: |
-          rm -rf ${{ github.workspace }}/ghpages-deployment/*
-          cp -Rf ${{ github.workspace }}/assets/build/* ghpages-deployment/
-
-      - name: Commit and push changes
-        working-directory: ghpages-deployment
-        run: |
-          git add .
-          git commit -m "Deploy Web v${_RELEASE_VERSION} to GitHub Pages"
-          git push --set-upstream origin ${_BRANCH} --force
-
-      - name: Create GitHub Pages Deploy PR
-        working-directory: ghpages-deployment
-        env:
-          GITHUB_TOKEN: ${{ steps.retrieve-bot-secrets.outputs.github-pat-bitwarden-devops-bot-repo-scope }}
-        run: |
-          if [[ "${{ github.event.inputs.release_type }}" == "Dry Run" ]]; then
-            gh pr create --title "Deploy v${_RELEASE_VERSION} to GitHub Pages" \
-              --draft \
-              --body "Deploying v${_RELEASE_VERSION}" \
-              --base main \
-              --head "${_BRANCH}"
-          else
-            gh pr create --title "Deploy v${_RELEASE_VERSION} to GitHub Pages" \
-              --body "Deploying v${_RELEASE_VERSION}" \
-              --base main \
-              --head "${_BRANCH}"
-          fi
-
   release:
     name: Create GitHub Release
     runs-on: ubuntu-22.04
     needs:
       - setup
       - self-host
-      - ghpages-deploy
     steps:
       - name: Create GitHub deployment
         if: ${{ github.event.inputs.release_type != 'Dry Run' }}
diff --git a/.github/workflows/scan.yml b/.github/workflows/scan.yml
index ea9e69226a..878171cd17 100644
--- a/.github/workflows/scan.yml
+++ b/.github/workflows/scan.yml
@@ -10,8 +10,6 @@ on:
   pull_request_target:
     types: [opened, synchronize]
 
-permissions: read-all
-
 jobs:
   check-run:
     name: Check PR run
@@ -22,6 +20,8 @@ jobs:
     runs-on: ubuntu-22.04
     needs: check-run
     permissions:
+      contents: read
+      pull-requests: write
       security-events: write
 
     steps:
@@ -43,7 +43,7 @@ jobs:
           additional_params: --report-format sarif --output-path . ${{ env.INCREMENTAL }}
 
       - name: Upload Checkmarx results to GitHub
-        uses: github/codeql-action/upload-sarif@8a470fddafa5cbb6266ee11b37ef4d8aae19c571 # v3.24.6
+        uses: github/codeql-action/upload-sarif@1b1aada464948af03b950897e5eb522f92603cc2 # v3.24.9
         with:
           sarif_file: cx_result.sarif
 
@@ -51,6 +51,9 @@ jobs:
     name: Quality scan
     runs-on: ubuntu-22.04
     needs: check-run
+    permissions:
+      contents: read
+      pull-requests: write
 
     steps:
       - name: Check out repo
diff --git a/.github/workflows/version-bump.yml b/.github/workflows/version-bump.yml
index 5aec22926d..246ca9a533 100644
--- a/.github/workflows/version-bump.yml
+++ b/.github/workflows/version-bump.yml
@@ -367,21 +367,27 @@ jobs:
         id: set-final-version-output
         run: |
           if [[ "${{ steps.bump-browser-version-override.outcome }}" = "success" ]]; then
-            echo "version=${{ inputs.version_number_override }}" >> $GITHUB_OUTPUT
+            echo "version_browser=${{ inputs.version_number_override }}" >> $GITHUB_OUTPUT
           elif [[ "${{ steps.bump-browser-version-automatic.outcome }}" = "success" ]]; then
-            echo "version=${{ steps.calculate-next-browser-version.outputs.version }}" >> $GITHUB_OUTPUT
-          elif [[ "${{ steps.bump-cli-version-override.outcome }}" = "success" ]]; then
-            echo "version=${{ inputs.version_number_override }}" >> $GITHUB_OUTPUT
+            echo "version_browser=${{ steps.calculate-next-browser-version.outputs.version }}" >> $GITHUB_OUTPUT
+          fi
+
+          if [[ "${{ steps.bump-cli-version-override.outcome }}" = "success" ]]; then
+            echo "version_cli=${{ inputs.version_number_override }}" >> $GITHUB_OUTPUT
           elif [[ "${{ steps.bump-cli-version-automatic.outcome }}" = "success" ]]; then
-            echo "version=${{ steps.calculate-next-cli-version.outputs.version }}" >> $GITHUB_OUTPUT
-          elif [[ "${{ steps.bump-desktop-version-override.outcome }}" = "success" ]]; then
-            echo "version=${{ inputs.version_number_override }}" >> $GITHUB_OUTPUT
+            echo "version_cli=${{ steps.calculate-next-cli-version.outputs.version }}" >> $GITHUB_OUTPUT
+          fi
+
+          if [[ "${{ steps.bump-desktop-version-override.outcome }}" = "success" ]]; then
+            echo "version_desktop=${{ inputs.version_number_override }}" >> $GITHUB_OUTPUT
           elif [[ "${{ steps.bump-desktop-version-automatic.outcome }}" = "success" ]]; then
-            echo "version=${{ steps.calculate-next-desktop-version.outputs.version }}" >> $GITHUB_OUTPUT
-          elif [[ "${{ steps.bump-web-version-override.outcome }}" = "success" ]]; then
-            echo "version=${{ inputs.version_number_override }}" >> $GITHUB_OUTPUT
+            echo "version_desktop=${{ steps.calculate-next-desktop-version.outputs.version }}" >> $GITHUB_OUTPUT
+          fi
+
+          if [[ "${{ steps.bump-web-version-override.outcome }}" = "success" ]]; then
+            echo "version_web=${{ inputs.version_number_override }}" >> $GITHUB_OUTPUT
           elif [[ "${{ steps.bump-web-version-automatic.outcome }}" = "success" ]]; then
-            echo "version=${{ steps.calculate-next-web-version.outputs.version }}" >> $GITHUB_OUTPUT
+            echo "version_web=${{ steps.calculate-next-web-version.outputs.version }}" >> $GITHUB_OUTPUT
           fi
 
       - name: Check if version changed
diff --git a/apps/browser/.eslintrc.json b/apps/browser/.eslintrc.json
new file mode 100644
index 0000000000..ba96051183
--- /dev/null
+++ b/apps/browser/.eslintrc.json
@@ -0,0 +1,26 @@
+{
+  "env": {
+    "browser": true,
+    "webextensions": true
+  },
+  "overrides": [
+    {
+      "files": ["src/**/*.ts"],
+      "excludedFiles": [
+        "src/**/{content,popup,spec}/**/*.ts",
+        "src/**/autofill/{notification,overlay}/**/*.ts",
+        "src/**/autofill/**/{autofill-overlay-content,collect-autofill-content,dom-element-visibility,insert-autofill-content}.service.ts",
+        "src/**/*.spec.ts"
+      ],
+      "rules": {
+        "no-restricted-globals": [
+          "error",
+          {
+            "name": "window",
+            "message": "The `window` object is not available in service workers and may not be available within the background script. Consider using `self`, `globalThis`, or another global property instead."
+          }
+        ]
+      }
+    }
+  ]
+}
diff --git a/apps/browser/package.json b/apps/browser/package.json
index b03469bbb7..d06eadf58d 100644
--- a/apps/browser/package.json
+++ b/apps/browser/package.json
@@ -1,6 +1,6 @@
 {
   "name": "@bitwarden/browser",
-  "version": "2024.3.0",
+  "version": "2024.3.1",
   "scripts": {
     "build": "webpack",
     "build:mv3": "cross-env MANIFEST_VERSION=3 webpack",
diff --git a/apps/browser/src/_locales/ar/messages.json b/apps/browser/src/_locales/ar/messages.json
index 134c045f78..5e3a0152a5 100644
--- a/apps/browser/src/_locales/ar/messages.json
+++ b/apps/browser/src/_locales/ar/messages.json
@@ -2386,12 +2386,6 @@
     "message": "الاتحاد الأوروبي",
     "description": "European Union"
   },
-  "usDomain": {
-    "message": "bitwarden.com"
-  },
-  "euDomain": {
-    "message": "bitwarden.eu"
-  },
   "accessDenied": {
     "message": "Access denied. You do not have permission to view this page."
   },
diff --git a/apps/browser/src/_locales/az/messages.json b/apps/browser/src/_locales/az/messages.json
index 0dc43fedec..5d17d567fc 100644
--- a/apps/browser/src/_locales/az/messages.json
+++ b/apps/browser/src/_locales/az/messages.json
@@ -2386,12 +2386,6 @@
     "message": "AB",
     "description": "European Union"
   },
-  "usDomain": {
-    "message": "bitwarden.com"
-  },
-  "euDomain": {
-    "message": "bitwarden.eu"
-  },
   "accessDenied": {
     "message": "Müraciət rədd edildi. Bu səhifəyə baxmaq üçün icazəniz yoxdur."
   },
diff --git a/apps/browser/src/_locales/be/messages.json b/apps/browser/src/_locales/be/messages.json
index f8454d4bd5..f05102d29f 100644
--- a/apps/browser/src/_locales/be/messages.json
+++ b/apps/browser/src/_locales/be/messages.json
@@ -2386,12 +2386,6 @@
     "message": "ЕС",
     "description": "European Union"
   },
-  "usDomain": {
-    "message": "bitwarden.com"
-  },
-  "euDomain": {
-    "message": "bitwarden.eu"
-  },
   "accessDenied": {
     "message": "Доступ забаронены. У вас не дастаткова правоў для прагляду гэтай старонкі."
   },
diff --git a/apps/browser/src/_locales/bg/messages.json b/apps/browser/src/_locales/bg/messages.json
index 8bc3b2d026..e96a48b3f0 100644
--- a/apps/browser/src/_locales/bg/messages.json
+++ b/apps/browser/src/_locales/bg/messages.json
@@ -2386,12 +2386,6 @@
     "message": "ЕС",
     "description": "European Union"
   },
-  "usDomain": {
-    "message": "bitwarden.com"
-  },
-  "euDomain": {
-    "message": "bitwarden.eu"
-  },
   "accessDenied": {
     "message": "Отказан достъп. Нямате право за преглед на страницата."
   },
diff --git a/apps/browser/src/_locales/bn/messages.json b/apps/browser/src/_locales/bn/messages.json
index c5ba112f3b..cfaed770c1 100644
--- a/apps/browser/src/_locales/bn/messages.json
+++ b/apps/browser/src/_locales/bn/messages.json
@@ -2386,12 +2386,6 @@
     "message": "EU",
     "description": "European Union"
   },
-  "usDomain": {
-    "message": "bitwarden.com"
-  },
-  "euDomain": {
-    "message": "bitwarden.eu"
-  },
   "accessDenied": {
     "message": "Access denied. You do not have permission to view this page."
   },
diff --git a/apps/browser/src/_locales/bs/messages.json b/apps/browser/src/_locales/bs/messages.json
index d1466fb82a..9260f5c902 100644
--- a/apps/browser/src/_locales/bs/messages.json
+++ b/apps/browser/src/_locales/bs/messages.json
@@ -2386,12 +2386,6 @@
     "message": "EU",
     "description": "European Union"
   },
-  "usDomain": {
-    "message": "bitwarden.com"
-  },
-  "euDomain": {
-    "message": "bitwarden.eu"
-  },
   "accessDenied": {
     "message": "Access denied. You do not have permission to view this page."
   },
diff --git a/apps/browser/src/_locales/ca/messages.json b/apps/browser/src/_locales/ca/messages.json
index 1bc35914d7..b77edf5611 100644
--- a/apps/browser/src/_locales/ca/messages.json
+++ b/apps/browser/src/_locales/ca/messages.json
@@ -2386,12 +2386,6 @@
     "message": "UE",
     "description": "European Union"
   },
-  "usDomain": {
-    "message": "bitwarden.com"
-  },
-  "euDomain": {
-    "message": "bitwarden.eu"
-  },
   "accessDenied": {
     "message": "Accés denegat. No teniu permís per veure aquesta pàgina."
   },
diff --git a/apps/browser/src/_locales/cs/messages.json b/apps/browser/src/_locales/cs/messages.json
index ca81f2809a..bc2d7e8fd8 100644
--- a/apps/browser/src/_locales/cs/messages.json
+++ b/apps/browser/src/_locales/cs/messages.json
@@ -2386,12 +2386,6 @@
     "message": "EU",
     "description": "European Union"
   },
-  "usDomain": {
-    "message": "bitwarden.com"
-  },
-  "euDomain": {
-    "message": "bitwarden.eu"
-  },
   "accessDenied": {
     "message": "Přístup byl odepřen. Nemáte oprávnění k zobrazení této stránky."
   },
diff --git a/apps/browser/src/_locales/cy/messages.json b/apps/browser/src/_locales/cy/messages.json
index 55c6042ae8..665470b512 100644
--- a/apps/browser/src/_locales/cy/messages.json
+++ b/apps/browser/src/_locales/cy/messages.json
@@ -2386,12 +2386,6 @@
     "message": "UE",
     "description": "European Union"
   },
-  "usDomain": {
-    "message": "bitwarden.com"
-  },
-  "euDomain": {
-    "message": "bitwarden.eu"
-  },
   "accessDenied": {
     "message": "Mynediad wedi ei wrthod. Does gennych chi ddim caniatâd i weld y dudalen hon."
   },
diff --git a/apps/browser/src/_locales/da/messages.json b/apps/browser/src/_locales/da/messages.json
index f1a710d17f..ab4c4e5b6e 100644
--- a/apps/browser/src/_locales/da/messages.json
+++ b/apps/browser/src/_locales/da/messages.json
@@ -709,7 +709,7 @@
     "message": "Vis indstillinger i kontekstmenuen"
   },
   "contextMenuItemDesc": {
-    "message": "Brug et sekundært klik for at få adgang til adgangskodegenerering og matchende logins til hjemmesiden."
+    "message": "Brug et sekundært klik for at tilgå adgangskodegenerering og matchende logins til webstedet."
   },
   "contextMenuItemDescAlt": {
     "message": "Brug et sekundært klik for at få adgang til adgangskodegenerering og matchende logins til webstedet. Gælder alle indloggede konti."
@@ -1033,7 +1033,7 @@
     "message": "Server URL"
   },
   "apiUrl": {
-    "message": "API server URL"
+    "message": "API-server URL"
   },
   "webVaultUrl": {
     "message": "Web-boks server URL"
@@ -1574,7 +1574,7 @@
     "message": "Advarsel: Dette er en ikke-sikret HTTP side, og alle indsendte oplysninger kan potentielt ses og ændres af andre. Dette login blev oprindeligt gemt på en sikker (HTTPS) side."
   },
   "insecurePageWarningFillPrompt": {
-    "message": "Do you still wish to fill this login?"
+    "message": "Ønsker dette login stadig udfyldt?"
   },
   "autofillIframeWarning": {
     "message": "Formularen hostes af et andet domæne end URI'en for det gemte login. Vælg OK for at autoudfylde alligevel, eller Afbryd for at stoppe."
@@ -1712,7 +1712,7 @@
     "message": "Biometri mislykkedes"
   },
   "biometricsFailedDesc": {
-    "message": "Biometri kan ikke fuldføres, overvej at bruge en hovedadgangskode eller logge ud og ind igen. Fortsætter problemet, kontakt Bitwarden-supporten."
+    "message": "Biometri kan ikke gennemføres. Overvej at bruge en hovedadgangskode eller at logge ud. Fortsætter problemet, kontakt Bitwarden-supporten."
   },
   "nativeMessaginPermissionErrorTitle": {
     "message": "Tilladelse ikke givet"
@@ -2027,7 +2027,7 @@
     "message": "Minutter"
   },
   "vaultTimeoutPolicyInEffect": {
-    "message": "Organisationspolitikker har sat maks. tilladt boks-timeout. til $HOURS$ time(r) og $MINUTES$ minut(ter).",
+    "message": "Organisationspolitikkerne har fastsat den maksimalt tilladte boks-timeout til $HOURS$ time(r) og $MINUTES$ minut(ter).",
     "placeholders": {
       "hours": {
         "content": "$1",
@@ -2314,7 +2314,7 @@
     "message": "Sådan autoudfyldes"
   },
   "autofillSelectInfoWithCommand": {
-    "message": "Select an item from this screen, use the shortcut $COMMAND$, or explore other options in settings.",
+    "message": "Vælg et emne fra denne skærm, brug genvejen $COMMAND$ eller udforsk andre valgmuligheder i Indstillinger.",
     "placeholders": {
       "command": {
         "content": "$1",
@@ -2323,7 +2323,7 @@
     }
   },
   "autofillSelectInfoWithoutCommand": {
-    "message": "Select an item from this screen, or explore other options in settings."
+    "message": "Vælg et emne fra denne skærm eller udforsk andre valgmuligheder i Indstillinger."
   },
   "gotIt": {
     "message": "Forstået"
@@ -2386,12 +2386,6 @@
     "message": "EU",
     "description": "European Union"
   },
-  "usDomain": {
-    "message": "bitwarden.com"
-  },
-  "euDomain": {
-    "message": "bitwarden.eu"
-  },
   "accessDenied": {
     "message": "Adgang nægtet. Nødvendig tilladelse til at se siden mangler."
   },
@@ -2706,7 +2700,7 @@
     }
   },
   "launchDuoAndFollowStepsToFinishLoggingIn": {
-    "message": "Start DUO og følg trinene for at fuldføre indlogningen."
+    "message": "Start Duo og følg trinnene for at fuldføre indlogningen."
   },
   "duoRequiredForAccount": {
     "message": "Duo-totrinsindlogning kræves for kontoen."
@@ -2718,7 +2712,7 @@
     "message": "Pop ud-udvidelse"
   },
   "launchDuo": {
-    "message": "Start DUO"
+    "message": "Start Duo"
   },
   "importFormatError": {
     "message": "Data er ikke korrekt formateret. Tjek importfilen og forsøg igen."
diff --git a/apps/browser/src/_locales/de/messages.json b/apps/browser/src/_locales/de/messages.json
index 7a013add6e..0406953936 100644
--- a/apps/browser/src/_locales/de/messages.json
+++ b/apps/browser/src/_locales/de/messages.json
@@ -327,7 +327,7 @@
     "message": "Passwort"
   },
   "totp": {
-    "message": "Authenticator secret"
+    "message": "Authentifikator-Geheimnis"
   },
   "passphrase": {
     "message": "Passphrase"
@@ -522,16 +522,16 @@
     "message": "Die Felder dieser Seite konnten nicht automatisch ausgefüllt werden. Bitte Nutzernamen und/oder Passwort manuell kopieren."
   },
   "totpCaptureError": {
-    "message": "Unable to scan QR code from the current webpage"
+    "message": "QR-Code kann nicht von der aktuellen Webseite gescannt werden"
   },
   "totpCaptureSuccess": {
-    "message": "Authenticator key added"
+    "message": "Authentifizierungsschlüssel hinzugefügt"
   },
   "totpCapture": {
-    "message": "Scan authenticator QR code from current webpage"
+    "message": "Den Authentifizierungs-QR-Code von der aktuellen Webseite scannen"
   },
   "copyTOTP": {
-    "message": "Copy Authenticator key (TOTP)"
+    "message": "Authentifizierungsschlüssel kopieren (TOTP)"
   },
   "loggedOut": {
     "message": "Ausgeloggt"
@@ -2386,12 +2386,6 @@
     "message": "EU",
     "description": "European Union"
   },
-  "usDomain": {
-    "message": "bitwarden.com"
-  },
-  "euDomain": {
-    "message": "bitwarden.eu"
-  },
   "accessDenied": {
     "message": "Zugriff verweigert. Du hast keine Berechtigung, diese Seite anzuzeigen."
   },
diff --git a/apps/browser/src/_locales/el/messages.json b/apps/browser/src/_locales/el/messages.json
index 01c4fe10a6..64014298e2 100644
--- a/apps/browser/src/_locales/el/messages.json
+++ b/apps/browser/src/_locales/el/messages.json
@@ -2386,12 +2386,6 @@
     "message": "ΕΕ",
     "description": "European Union"
   },
-  "usDomain": {
-    "message": "bitwarden.com"
-  },
-  "euDomain": {
-    "message": "bitwarden.eu"
-  },
   "accessDenied": {
     "message": "Δεν επιτρέπεται η πρόσβαση. Δεν έχετε άδεια για να δείτε αυτή τη σελίδα."
   },
diff --git a/apps/browser/src/_locales/en/messages.json b/apps/browser/src/_locales/en/messages.json
index cf0ce67980..d802d27700 100644
--- a/apps/browser/src/_locales/en/messages.json
+++ b/apps/browser/src/_locales/en/messages.json
@@ -2386,12 +2386,6 @@
     "message": "EU",
     "description": "European Union"
   },
-  "usDomain": {
-    "message": "bitwarden.com"
-  },
-  "euDomain": {
-    "message": "bitwarden.eu"
-  },
   "accessDenied": {
     "message": "Access denied. You do not have permission to view this page."
   },
@@ -3005,5 +2999,11 @@
   "saveCipherAttemptFailed": {
     "message": "Error saving credentials. Check console for details.",
     "description": "Notification message for when saving credentials has failed."
+  },
+  "removePasskey": {
+    "message": "Remove passkey"
+  },
+  "passkeyRemoved": {
+    "message": "Passkey removed"
   }
 }
diff --git a/apps/browser/src/_locales/en_GB/messages.json b/apps/browser/src/_locales/en_GB/messages.json
index d2182a0b4e..26af3b5f71 100644
--- a/apps/browser/src/_locales/en_GB/messages.json
+++ b/apps/browser/src/_locales/en_GB/messages.json
@@ -2386,12 +2386,6 @@
     "message": "EU",
     "description": "European Union"
   },
-  "usDomain": {
-    "message": "bitwarden.com"
-  },
-  "euDomain": {
-    "message": "bitwarden.eu"
-  },
   "accessDenied": {
     "message": "Access denied. You do not have permission to view this page."
   },
diff --git a/apps/browser/src/_locales/en_IN/messages.json b/apps/browser/src/_locales/en_IN/messages.json
index 8ab1d1fc58..ddbc3f41c9 100644
--- a/apps/browser/src/_locales/en_IN/messages.json
+++ b/apps/browser/src/_locales/en_IN/messages.json
@@ -2386,12 +2386,6 @@
     "message": "EU",
     "description": "European Union"
   },
-  "usDomain": {
-    "message": "bitwarden.com"
-  },
-  "euDomain": {
-    "message": "bitwarden.eu"
-  },
   "accessDenied": {
     "message": "Access denied. You do not have permission to view this page."
   },
diff --git a/apps/browser/src/_locales/es/messages.json b/apps/browser/src/_locales/es/messages.json
index 58172b1a7a..b55c64c9f7 100644
--- a/apps/browser/src/_locales/es/messages.json
+++ b/apps/browser/src/_locales/es/messages.json
@@ -2386,12 +2386,6 @@
     "message": "Unión Europea",
     "description": "European Union"
   },
-  "usDomain": {
-    "message": "bitwarden.com"
-  },
-  "euDomain": {
-    "message": "bitwarden.eu"
-  },
   "accessDenied": {
     "message": "Acceso denegado. No tiene permiso para ver esta página."
   },
diff --git a/apps/browser/src/_locales/et/messages.json b/apps/browser/src/_locales/et/messages.json
index 001588d5bc..b7e8b2419e 100644
--- a/apps/browser/src/_locales/et/messages.json
+++ b/apps/browser/src/_locales/et/messages.json
@@ -2386,12 +2386,6 @@
     "message": "EL",
     "description": "European Union"
   },
-  "usDomain": {
-    "message": "bitwarden.com"
-  },
-  "euDomain": {
-    "message": "bitwarden.eu"
-  },
   "accessDenied": {
     "message": "Ligipääs keelatud. Sul pole lubatud seda lehekülge vaadata."
   },
diff --git a/apps/browser/src/_locales/eu/messages.json b/apps/browser/src/_locales/eu/messages.json
index 64733c6c68..ac30dc4b28 100644
--- a/apps/browser/src/_locales/eu/messages.json
+++ b/apps/browser/src/_locales/eu/messages.json
@@ -2386,12 +2386,6 @@
     "message": "EU",
     "description": "European Union"
   },
-  "usDomain": {
-    "message": "bitwarden.com"
-  },
-  "euDomain": {
-    "message": "bitwarden.eu"
-  },
   "accessDenied": {
     "message": "Access denied. You do not have permission to view this page."
   },
diff --git a/apps/browser/src/_locales/fa/messages.json b/apps/browser/src/_locales/fa/messages.json
index 0032767386..373fc5a8d0 100644
--- a/apps/browser/src/_locales/fa/messages.json
+++ b/apps/browser/src/_locales/fa/messages.json
@@ -2386,12 +2386,6 @@
     "message": "اروپا",
     "description": "European Union"
   },
-  "usDomain": {
-    "message": "bitwarden.com"
-  },
-  "euDomain": {
-    "message": "bitwarden.eu"
-  },
   "accessDenied": {
     "message": "دسترسی رد شد. شما اجازه مشاهده این صفحه را ندارید."
   },
diff --git a/apps/browser/src/_locales/fi/messages.json b/apps/browser/src/_locales/fi/messages.json
index a1955c205c..343c22d5d0 100644
--- a/apps/browser/src/_locales/fi/messages.json
+++ b/apps/browser/src/_locales/fi/messages.json
@@ -2386,12 +2386,6 @@
     "message": "EU",
     "description": "European Union"
   },
-  "usDomain": {
-    "message": "bitwarden.com"
-  },
-  "euDomain": {
-    "message": "bitwarden.eu"
-  },
   "accessDenied": {
     "message": "Pääsy estetty. Sinulla ei ole oikeutta avata sivua."
   },
diff --git a/apps/browser/src/_locales/fil/messages.json b/apps/browser/src/_locales/fil/messages.json
index f84d451ced..2a09430c27 100644
--- a/apps/browser/src/_locales/fil/messages.json
+++ b/apps/browser/src/_locales/fil/messages.json
@@ -2386,12 +2386,6 @@
     "message": "EU",
     "description": "European Union"
   },
-  "usDomain": {
-    "message": "bitwarden.com"
-  },
-  "euDomain": {
-    "message": "bitwarden.eu"
-  },
   "accessDenied": {
     "message": "Access denied. You do not have permission to view this page."
   },
diff --git a/apps/browser/src/_locales/fr/messages.json b/apps/browser/src/_locales/fr/messages.json
index 7abc33e0f2..73e00ba489 100644
--- a/apps/browser/src/_locales/fr/messages.json
+++ b/apps/browser/src/_locales/fr/messages.json
@@ -95,7 +95,7 @@
     "message": "Saisie automatique de l'identifiant"
   },
   "autoFillCard": {
-    "message": "Saisie automatique de la carte"
+    "message": "Saisie automatique de la carte de paiement"
   },
   "autoFillIdentity": {
     "message": "Saisie automatique de l'identité"
@@ -110,7 +110,7 @@
     "message": "Aucun identifiant correspondant"
   },
   "noCards": {
-    "message": "Aucune carte"
+    "message": "Aucune carte de paiement"
   },
   "noIdentities": {
     "message": "Aucune identité"
@@ -119,7 +119,7 @@
     "message": "Ajouter un identifiant"
   },
   "addCardMenu": {
-    "message": "Ajouter une carte"
+    "message": "Ajouter une carte de paiement"
   },
   "addIdentityMenu": {
     "message": "Ajouter une identité"
@@ -131,7 +131,7 @@
     "message": "Connectez-vous à votre coffre"
   },
   "autoFillInfo": {
-    "message": "Il n'y a pas d'identifiants disponibles pour la saisie automatique dans l'onglet actuel."
+    "message": "Il n'y a pas d'identifiants disponibles pour la saisie automatique de l'onglet actuel du navigateur."
   },
   "addLogin": {
     "message": "Ajouter un identifiant"
@@ -223,7 +223,7 @@
     "message": "Centre d'aide Bitwarden"
   },
   "communityForums": {
-    "message": "Explorez les forums de la communauté Bitwarden"
+    "message": "Explorer les forums de la communauté Bitwarden"
   },
   "contactSupport": {
     "message": "Contacter le support Bitwarden"
@@ -312,7 +312,7 @@
     "message": "Modifier"
   },
   "view": {
-    "message": "Voir"
+    "message": "Afficher"
   },
   "noItemsInList": {
     "message": "Aucun identifiant à afficher."
@@ -327,7 +327,7 @@
     "message": "Mot de passe"
   },
   "totp": {
-    "message": "Application d'authentification"
+    "message": "Secret de l'Authentificateur"
   },
   "passphrase": {
     "message": "Phrase de passe"
@@ -360,7 +360,7 @@
     "message": "Site web"
   },
   "toggleVisibility": {
-    "message": "Afficher/Masquer"
+    "message": "Permuter la visibilité"
   },
   "manage": {
     "message": "Gérer"
@@ -522,16 +522,16 @@
     "message": "Impossible de saisir automatiquement l'élément sélectionné sur cette page. Essayez plutôt le copier-coller."
   },
   "totpCaptureError": {
-    "message": "Impossible de scanner le code QR à partir de la page web actuelle"
+    "message": "Impossible de scanner le QR code à partir de la page web actuelle"
   },
   "totpCaptureSuccess": {
-    "message": "Clé d'authentification ajoutée"
+    "message": "Clé de l'Authentificateur ajoutée"
   },
   "totpCapture": {
-    "message": "Scanner le code QR à partir de la page web actuelle"
+    "message": "Scanner le QR code de l'authentificateur à partir de la page web actuelle"
   },
   "copyTOTP": {
-    "message": "Copier la clé TOTP"
+    "message": "Copier la clé de l'Authentificateur (TOTP)"
   },
   "loggedOut": {
     "message": "Déconnecté"
@@ -644,25 +644,25 @@
     "description": "This is the folder for uncategorized items"
   },
   "enableAddLoginNotification": {
-    "message": "Demander à ajouter un identifiant"
+    "message": "Demander d'ajouter un identifiant"
   },
   "addLoginNotificationDesc": {
-    "message": "Demander à ajouter un élément si aucun n'est trouvé dans votre coffre."
+    "message": "Demander d'ajouter un élément si aucun n'est trouvé dans votre coffre."
   },
   "addLoginNotificationDescAlt": {
-    "message": "Demandez d'ajouter un élément s'il celui-ci n'est pas trouvé dans votre coffre. S'applique à tous les comptes connectés."
+    "message": "Demande l'ajout d'un élément si celui-ci n'est pas trouvé dans votre coffre. S'applique à tous les comptes connectés."
   },
   "showCardsCurrentTab": {
-    "message": "Afficher les cartes de paiement sur page d'Onglet"
+    "message": "Afficher les cartes de paiement sur la Page d'onglet"
   },
   "showCardsCurrentTabDesc": {
-    "message": "Lister les éléments de la carte sur la page de l'onglet pour faciliter la saisie automatique."
+    "message": "Liste les éléments des cartes de paiement sur la Page d'onglet pour faciliter la saisie automatique."
   },
   "showIdentitiesCurrentTab": {
-    "message": "Afficher les identités sur page d'Onglet"
+    "message": "Afficher les identités sur la page d'onglet"
   },
   "showIdentitiesCurrentTabDesc": {
-    "message": "Lister les éléments d'identité sur la page de l'onglet pour faciliter la saisie automatique."
+    "message": "Liste les éléments d'identité sur la Page d'onglet pour faciliter la saisie automatique."
   },
   "clearClipboard": {
     "message": "Effacer le presse-papiers",
@@ -679,19 +679,19 @@
     "message": "Enregistrer"
   },
   "enableChangedPasswordNotification": {
-    "message": "Demander à mettre à jour un identifiant existant"
+    "message": "Demander de mettre à jour un identifiant existant"
   },
   "changedPasswordNotificationDesc": {
-    "message": "Demander à mettre à jour le mot de passe d'un identifiant lorsqu'un changement est détecté sur un site Web."
+    "message": "Demande la mise à jour du mot de passe d'un identifiant lorsqu'un changement est détecté sur un site Web."
   },
   "changedPasswordNotificationDescAlt": {
-    "message": "Demander à mettre à jour le mot de passe d'un identifiant lorsqu'un changement est détecté sur un site web. S'applique à tous les comptes connectés."
+    "message": "Demande la mise à jour du mot de passe d'un identifiant lorsqu'un changement est détecté sur un site web. S'applique à tous les comptes connectés."
   },
   "enableUsePasskeys": {
-    "message": "Demander à enregistrer et utiliser les clés d'accès"
+    "message": "Demander d'enregistrer et d'utiliser les clés d'identification (passkeys)"
   },
   "usePasskeysDesc": {
-    "message": "Demander d'enregistrer de nouvelles clés d'accès ou bien de se connecter à l'aide de clés stockées dans votre coffre. S'applique à tous les comptes connectés."
+    "message": "Demande l'enregistrement de nouvelles clés d'identification (passkeys) ou la connexion à l'aide des clés d'identification (passkeys) stockées dans votre coffre. S'applique à tous les comptes connectés."
   },
   "notificationChangeDesc": {
     "message": "Souhaitez-vous mettre à jour ce mot de passe dans Bitwarden ?"
@@ -719,7 +719,7 @@
     "description": "Default URI match detection for auto-fill."
   },
   "defaultUriMatchDetectionDesc": {
-    "message": "Choisissez la manière de gestion par défaut de la détection de correspondance URI pour les identifiants lors de l'exécution d'actions telles que la saisie automatique."
+    "message": "Choisit la manière dont la détection des correspondances URI est gérée par défaut pour les connexions lors d'actions telles que la saisie automatique."
   },
   "theme": {
     "message": "Thème"
@@ -802,7 +802,7 @@
     "message": "En savoir plus"
   },
   "authenticatorKeyTotp": {
-    "message": "Clé d'authentification (TOTP)"
+    "message": "Clé de l'Authentificateur (TOTP)"
   },
   "verificationCodeTotp": {
     "message": "Code de vérification (TOTP)"
@@ -841,7 +841,7 @@
     "message": "La taille maximale du fichier est de 500 Mo."
   },
   "featureUnavailable": {
-    "message": "Fonctionnalité non disponible"
+    "message": "Fonctionnalité indisponible"
   },
   "encryptionKeyMigrationRequired": {
     "message": "Migration de la clé de chiffrement nécessaire. Veuillez vous connecter sur le coffre web pour mettre à jour votre clé de chiffrement."
@@ -907,7 +907,7 @@
     "message": "Actualisation terminée"
   },
   "enableAutoTotpCopy": {
-    "message": "Copier TOTP automatiquement"
+    "message": "Copier le TOTP automatiquement"
   },
   "disableAutoTotpCopyDesc": {
     "message": "Si un identifiant possède une clé d'authentification, copie le code de vérification TOTP dans votre presse-papiers lorsque vous saisissez automatiquement l'identifiant."
@@ -967,7 +967,7 @@
     "message": "Authentifier WebAuthn"
   },
   "loginUnavailable": {
-    "message": "Identifiant non disponible"
+    "message": "Identifiant indisponible"
   },
   "noTwoStepProviders": {
     "message": "Ce compte dispose d'une authentification à deux facteurs de configurée, cependant, aucun des fournisseurs à deux facteurs configurés n'est pris en charge par ce navigateur web."
@@ -1887,7 +1887,7 @@
     "description": "'Send' is a noun and the name of a feature called 'Bitwarden Send'. It should not be translated."
   },
   "sendShareDesc": {
-    "message": "Copier dans le presse-papiers le lien de ce Send lors de l'enregistrement.",
+    "message": "Copier le lien de ce Send dans le presse-papiers lors de l'enregistrement.",
     "description": "'Send' is a noun and the name of a feature called 'Bitwarden Send'. It should not be translated."
   },
   "sendTextDesc": {
@@ -2166,7 +2166,7 @@
     "message": "Service"
   },
   "forwardedEmail": {
-    "message": "Alias d'email transféré"
+    "message": "Alias de courriel transféré"
   },
   "forwardedEmailDesc": {
     "message": "Générer un alias de courriel avec un service de transfert externe."
@@ -2386,12 +2386,6 @@
     "message": "UE",
     "description": "European Union"
   },
-  "usDomain": {
-    "message": "bitwarden.com"
-  },
-  "euDomain": {
-    "message": "bitwarden.eu"
-  },
   "accessDenied": {
     "message": "Accès refusé. Vous n'avez pas l'autorisation de voir cette page."
   },
@@ -2792,55 +2786,55 @@
     "message": "Confirmez le mot de passe du fichier"
   },
   "typePasskey": {
-    "message": "Clé d'accès"
+    "message": "Clé d'identification (passkey)"
   },
   "passkeyNotCopied": {
-    "message": "La clé d'accès ne sera pas copiée"
+    "message": "La clé d'identification (passkey) ne sera pas copiée"
   },
   "passkeyNotCopiedAlert": {
-    "message": "La clé d'accès ne sera pas présente sur l'entrée clonée. Continuer quand même ?"
+    "message": "La clé d'identification (passkey) ne sera pas copiée dans l'élément cloné. Voulez-vous continuer à cloner cet élément ?"
   },
   "passkeyFeatureIsNotImplementedForAccountsWithoutMasterPassword": {
-    "message": "Le site requiert une vérification qui n'est pas supportée pour les comptes sans mot de passe maître."
+    "message": "Vérification requise par le site initiateur. Cette fonctionnalité n'est pas encore implémentée pour les comptes sans mot de passe principal."
   },
   "logInWithPasskey": {
-    "message": "Se connecter avec une clé d'accès ?"
+    "message": "Se connecter avec une clé d'identification (passkey) ?"
   },
   "passkeyAlreadyExists": {
-    "message": "Une clé d'accès existe déjà pour cette application."
+    "message": "Une clé d'identification (passkey) existe déjà pour cette application."
   },
   "noPasskeysFoundForThisApplication": {
-    "message": "Aucune clé d'accès trouvée pour cette application."
+    "message": "Aucune clé d'identification (passkey) trouvée pour cette application."
   },
   "noMatchingPasskeyLogin": {
-    "message": "Vous n'avez aucun élément correspondant à ce site."
+    "message": "Vous n'avez pas d'identifiant correspondant à ce site."
   },
   "confirm": {
     "message": "Confirmer"
   },
   "savePasskey": {
-    "message": "Enregistrer la clé d'accès"
+    "message": "Enregistrer la clé d'identification (passkey)"
   },
   "savePasskeyNewLogin": {
-    "message": "Enregistrer comme nouvel élément"
+    "message": "Enregistrer la clé d'identification (passkey) comme nouvel identifiant"
   },
   "choosePasskey": {
-    "message": "Choisissez l'élément à associer à la clé d'accès"
+    "message": "Choisissez cette clé d'identification (passkey) pour l'enregistrer avec cet identifiant"
   },
   "passkeyItem": {
-    "message": "Élément avec clé d'accès"
+    "message": "Élément clé d'identification (passkey)"
   },
   "overwritePasskey": {
-    "message": "Écraser la clé d'accès existante ?"
+    "message": "Écraser la clé d'identification (passkey) ?"
   },
   "overwritePasskeyAlert": {
-    "message": "Cet élément contient déjà une clé d'accès. Voulez-vous vraiment l'écraser ?"
+    "message": "Cet élément contient déjà une clé d'identification (passkey). Êtes-vous sûr de vouloir écraser la clé d'identification (passkey) actuelle ?"
   },
   "featureNotSupported": {
     "message": "Fonctionnalité non supportée"
   },
   "yourPasskeyIsLocked": {
-    "message": "Authentification requise pour utiliser cette clé d'accès. Veuillez vérifier votre identité pour continuer."
+    "message": "Authentification requise pour utiliser une clé d'identification (passkey). Vérifiez votre identité pour continuer."
   },
   "multifactorAuthenticationCancelled": {
     "message": "Authentification multi-facteurs annulée"
@@ -2995,15 +2989,15 @@
     "description": "Button text for the setting that allows overriding the default browser autofill settings"
   },
   "saveCipherAttemptSuccess": {
-    "message": "Credentials saved successfully!",
+    "message": "Identifiants enregistrés avec succès !",
     "description": "Notification message for when saving credentials has succeeded."
   },
   "updateCipherAttemptSuccess": {
-    "message": "Credentials updated successfully!",
+    "message": "Identifiants mis à jour avec succès !",
     "description": "Notification message for when updating credentials has succeeded."
   },
   "saveCipherAttemptFailed": {
-    "message": "Error saving credentials. Check console for details.",
+    "message": "Erreur lors de l'enregistrement des identifiants. Consultez la console pour plus de détails.",
     "description": "Notification message for when saving credentials has failed."
   }
 }
diff --git a/apps/browser/src/_locales/gl/messages.json b/apps/browser/src/_locales/gl/messages.json
index 97c8fa424b..4a37361f29 100644
--- a/apps/browser/src/_locales/gl/messages.json
+++ b/apps/browser/src/_locales/gl/messages.json
@@ -2386,12 +2386,6 @@
     "message": "EU",
     "description": "European Union"
   },
-  "usDomain": {
-    "message": "bitwarden.com"
-  },
-  "euDomain": {
-    "message": "bitwarden.eu"
-  },
   "accessDenied": {
     "message": "Access denied. You do not have permission to view this page."
   },
diff --git a/apps/browser/src/_locales/he/messages.json b/apps/browser/src/_locales/he/messages.json
index 0df463d840..d902be6af0 100644
--- a/apps/browser/src/_locales/he/messages.json
+++ b/apps/browser/src/_locales/he/messages.json
@@ -2386,12 +2386,6 @@
     "message": "EU",
     "description": "European Union"
   },
-  "usDomain": {
-    "message": "bitwarden.com"
-  },
-  "euDomain": {
-    "message": "bitwarden.eu"
-  },
   "accessDenied": {
     "message": "Access denied. You do not have permission to view this page."
   },
diff --git a/apps/browser/src/_locales/hi/messages.json b/apps/browser/src/_locales/hi/messages.json
index 6b27b5ff51..767edcfb95 100644
--- a/apps/browser/src/_locales/hi/messages.json
+++ b/apps/browser/src/_locales/hi/messages.json
@@ -2386,12 +2386,6 @@
     "message": "EU",
     "description": "European Union"
   },
-  "usDomain": {
-    "message": "bitwarden.com"
-  },
-  "euDomain": {
-    "message": "bitwarden.eu"
-  },
   "accessDenied": {
     "message": "Access denied. You do not have permission to view this page."
   },
diff --git a/apps/browser/src/_locales/hr/messages.json b/apps/browser/src/_locales/hr/messages.json
index 41382ae8a5..b79477d83c 100644
--- a/apps/browser/src/_locales/hr/messages.json
+++ b/apps/browser/src/_locales/hr/messages.json
@@ -2386,12 +2386,6 @@
     "message": "EU",
     "description": "European Union"
   },
-  "usDomain": {
-    "message": "bitwarden.com"
-  },
-  "euDomain": {
-    "message": "bitwarden.eu"
-  },
   "accessDenied": {
     "message": "Pristup odbijen. Nemaš prava vidjeti ovu stranicu."
   },
diff --git a/apps/browser/src/_locales/hu/messages.json b/apps/browser/src/_locales/hu/messages.json
index f58743f4ad..fe4292d9c0 100644
--- a/apps/browser/src/_locales/hu/messages.json
+++ b/apps/browser/src/_locales/hu/messages.json
@@ -2386,12 +2386,6 @@
     "message": "EU",
     "description": "European Union"
   },
-  "usDomain": {
-    "message": "bitwarden.com"
-  },
-  "euDomain": {
-    "message": "bitwarden.eu"
-  },
   "accessDenied": {
     "message": "A hozzáférés megtagadásra került. Nincs jogosultság az oldal megtekintésére."
   },
diff --git a/apps/browser/src/_locales/id/messages.json b/apps/browser/src/_locales/id/messages.json
index 0c21ec8f3c..44f6be8cef 100644
--- a/apps/browser/src/_locales/id/messages.json
+++ b/apps/browser/src/_locales/id/messages.json
@@ -20,7 +20,7 @@
     "message": "Masuk"
   },
   "enterpriseSingleSignOn": {
-    "message": "Sistem Masuk Tunggal Perusahaan"
+    "message": "SSO Perusahaan"
   },
   "cancel": {
     "message": "Batal"
@@ -2386,12 +2386,6 @@
     "message": "EU",
     "description": "European Union"
   },
-  "usDomain": {
-    "message": "bitwarden.com"
-  },
-  "euDomain": {
-    "message": "bitwarden.eu"
-  },
   "accessDenied": {
     "message": "Access denied. You do not have permission to view this page."
   },
diff --git a/apps/browser/src/_locales/it/messages.json b/apps/browser/src/_locales/it/messages.json
index cf4e32436c..ac6bcc9cb5 100644
--- a/apps/browser/src/_locales/it/messages.json
+++ b/apps/browser/src/_locales/it/messages.json
@@ -2386,12 +2386,6 @@
     "message": "EU",
     "description": "European Union"
   },
-  "usDomain": {
-    "message": "bitwarden.com"
-  },
-  "euDomain": {
-    "message": "bitwarden.eu"
-  },
   "accessDenied": {
     "message": "Accesso negato. Non hai i permessi necessari per visualizzare questa pagina."
   },
diff --git a/apps/browser/src/_locales/ja/messages.json b/apps/browser/src/_locales/ja/messages.json
index f7be05d670..990775c084 100644
--- a/apps/browser/src/_locales/ja/messages.json
+++ b/apps/browser/src/_locales/ja/messages.json
@@ -2386,12 +2386,6 @@
     "message": "EU",
     "description": "European Union"
   },
-  "usDomain": {
-    "message": "bitwarden.com"
-  },
-  "euDomain": {
-    "message": "bitwarden.eu"
-  },
   "accessDenied": {
     "message": "アクセスが拒否されました。このページを表示する権限がありません。"
   },
diff --git a/apps/browser/src/_locales/ka/messages.json b/apps/browser/src/_locales/ka/messages.json
index 93cf353696..fdcd46bc3c 100644
--- a/apps/browser/src/_locales/ka/messages.json
+++ b/apps/browser/src/_locales/ka/messages.json
@@ -2386,12 +2386,6 @@
     "message": "EU",
     "description": "European Union"
   },
-  "usDomain": {
-    "message": "bitwarden.com"
-  },
-  "euDomain": {
-    "message": "bitwarden.eu"
-  },
   "accessDenied": {
     "message": "Access denied. You do not have permission to view this page."
   },
diff --git a/apps/browser/src/_locales/km/messages.json b/apps/browser/src/_locales/km/messages.json
index 97c8fa424b..4a37361f29 100644
--- a/apps/browser/src/_locales/km/messages.json
+++ b/apps/browser/src/_locales/km/messages.json
@@ -2386,12 +2386,6 @@
     "message": "EU",
     "description": "European Union"
   },
-  "usDomain": {
-    "message": "bitwarden.com"
-  },
-  "euDomain": {
-    "message": "bitwarden.eu"
-  },
   "accessDenied": {
     "message": "Access denied. You do not have permission to view this page."
   },
diff --git a/apps/browser/src/_locales/kn/messages.json b/apps/browser/src/_locales/kn/messages.json
index b065c2f245..20fb2ea458 100644
--- a/apps/browser/src/_locales/kn/messages.json
+++ b/apps/browser/src/_locales/kn/messages.json
@@ -2386,12 +2386,6 @@
     "message": "EU",
     "description": "European Union"
   },
-  "usDomain": {
-    "message": "bitwarden.com"
-  },
-  "euDomain": {
-    "message": "bitwarden.eu"
-  },
   "accessDenied": {
     "message": "Access denied. You do not have permission to view this page."
   },
diff --git a/apps/browser/src/_locales/ko/messages.json b/apps/browser/src/_locales/ko/messages.json
index 2943c7234d..394534d6b0 100644
--- a/apps/browser/src/_locales/ko/messages.json
+++ b/apps/browser/src/_locales/ko/messages.json
@@ -2386,12 +2386,6 @@
     "message": "EU",
     "description": "European Union"
   },
-  "usDomain": {
-    "message": "bitwarden.com"
-  },
-  "euDomain": {
-    "message": "bitwarden.eu"
-  },
   "accessDenied": {
     "message": "Access denied. You do not have permission to view this page."
   },
diff --git a/apps/browser/src/_locales/lt/messages.json b/apps/browser/src/_locales/lt/messages.json
index 703eb9ea6d..fe73a8a28a 100644
--- a/apps/browser/src/_locales/lt/messages.json
+++ b/apps/browser/src/_locales/lt/messages.json
@@ -2386,12 +2386,6 @@
     "message": "ES",
     "description": "European Union"
   },
-  "usDomain": {
-    "message": "bitwarden.com"
-  },
-  "euDomain": {
-    "message": "bitwarden.eu"
-  },
   "accessDenied": {
     "message": "Prieiga uždrausta. Neturi teisės peržiūrėti šį puslapį."
   },
diff --git a/apps/browser/src/_locales/lv/messages.json b/apps/browser/src/_locales/lv/messages.json
index a692685b88..83f3de2556 100644
--- a/apps/browser/src/_locales/lv/messages.json
+++ b/apps/browser/src/_locales/lv/messages.json
@@ -2386,12 +2386,6 @@
     "message": "ES",
     "description": "European Union"
   },
-  "usDomain": {
-    "message": "bitwarden.com"
-  },
-  "euDomain": {
-    "message": "bitwarden.eu"
-  },
   "accessDenied": {
     "message": "Piekļuve liegta. Nav nepieciešamo atļauju, lai skatītu šo lapu."
   },
diff --git a/apps/browser/src/_locales/ml/messages.json b/apps/browser/src/_locales/ml/messages.json
index 6c864d3db3..c2d1006694 100644
--- a/apps/browser/src/_locales/ml/messages.json
+++ b/apps/browser/src/_locales/ml/messages.json
@@ -2386,12 +2386,6 @@
     "message": "EU",
     "description": "European Union"
   },
-  "usDomain": {
-    "message": "bitwarden.com"
-  },
-  "euDomain": {
-    "message": "bitwarden.eu"
-  },
   "accessDenied": {
     "message": "Access denied. You do not have permission to view this page."
   },
diff --git a/apps/browser/src/_locales/mr/messages.json b/apps/browser/src/_locales/mr/messages.json
index d396ec9caf..7ddbe00732 100644
--- a/apps/browser/src/_locales/mr/messages.json
+++ b/apps/browser/src/_locales/mr/messages.json
@@ -2386,12 +2386,6 @@
     "message": "EU",
     "description": "European Union"
   },
-  "usDomain": {
-    "message": "bitwarden.com"
-  },
-  "euDomain": {
-    "message": "bitwarden.eu"
-  },
   "accessDenied": {
     "message": "Access denied. You do not have permission to view this page."
   },
diff --git a/apps/browser/src/_locales/my/messages.json b/apps/browser/src/_locales/my/messages.json
index 97c8fa424b..4a37361f29 100644
--- a/apps/browser/src/_locales/my/messages.json
+++ b/apps/browser/src/_locales/my/messages.json
@@ -2386,12 +2386,6 @@
     "message": "EU",
     "description": "European Union"
   },
-  "usDomain": {
-    "message": "bitwarden.com"
-  },
-  "euDomain": {
-    "message": "bitwarden.eu"
-  },
   "accessDenied": {
     "message": "Access denied. You do not have permission to view this page."
   },
diff --git a/apps/browser/src/_locales/nb/messages.json b/apps/browser/src/_locales/nb/messages.json
index 6cb1213585..d7a8345a23 100644
--- a/apps/browser/src/_locales/nb/messages.json
+++ b/apps/browser/src/_locales/nb/messages.json
@@ -2386,12 +2386,6 @@
     "message": "EU",
     "description": "European Union"
   },
-  "usDomain": {
-    "message": "bitwarden.com"
-  },
-  "euDomain": {
-    "message": "bitwarden.eu"
-  },
   "accessDenied": {
     "message": "Access denied. You do not have permission to view this page."
   },
diff --git a/apps/browser/src/_locales/ne/messages.json b/apps/browser/src/_locales/ne/messages.json
index 97c8fa424b..4a37361f29 100644
--- a/apps/browser/src/_locales/ne/messages.json
+++ b/apps/browser/src/_locales/ne/messages.json
@@ -2386,12 +2386,6 @@
     "message": "EU",
     "description": "European Union"
   },
-  "usDomain": {
-    "message": "bitwarden.com"
-  },
-  "euDomain": {
-    "message": "bitwarden.eu"
-  },
   "accessDenied": {
     "message": "Access denied. You do not have permission to view this page."
   },
diff --git a/apps/browser/src/_locales/nl/messages.json b/apps/browser/src/_locales/nl/messages.json
index 8fbce3c922..c28b99b7c2 100644
--- a/apps/browser/src/_locales/nl/messages.json
+++ b/apps/browser/src/_locales/nl/messages.json
@@ -2386,12 +2386,6 @@
     "message": "EU",
     "description": "European Union"
   },
-  "usDomain": {
-    "message": "bitwarden.com"
-  },
-  "euDomain": {
-    "message": "bitwarden.eu"
-  },
   "accessDenied": {
     "message": "Toegang geweigerd. Je hebt geen toestemming om deze pagina te bekijken."
   },
diff --git a/apps/browser/src/_locales/nn/messages.json b/apps/browser/src/_locales/nn/messages.json
index 97c8fa424b..4a37361f29 100644
--- a/apps/browser/src/_locales/nn/messages.json
+++ b/apps/browser/src/_locales/nn/messages.json
@@ -2386,12 +2386,6 @@
     "message": "EU",
     "description": "European Union"
   },
-  "usDomain": {
-    "message": "bitwarden.com"
-  },
-  "euDomain": {
-    "message": "bitwarden.eu"
-  },
   "accessDenied": {
     "message": "Access denied. You do not have permission to view this page."
   },
diff --git a/apps/browser/src/_locales/or/messages.json b/apps/browser/src/_locales/or/messages.json
index 97c8fa424b..4a37361f29 100644
--- a/apps/browser/src/_locales/or/messages.json
+++ b/apps/browser/src/_locales/or/messages.json
@@ -2386,12 +2386,6 @@
     "message": "EU",
     "description": "European Union"
   },
-  "usDomain": {
-    "message": "bitwarden.com"
-  },
-  "euDomain": {
-    "message": "bitwarden.eu"
-  },
   "accessDenied": {
     "message": "Access denied. You do not have permission to view this page."
   },
diff --git a/apps/browser/src/_locales/pl/messages.json b/apps/browser/src/_locales/pl/messages.json
index c72c837a86..e4c3b7b171 100644
--- a/apps/browser/src/_locales/pl/messages.json
+++ b/apps/browser/src/_locales/pl/messages.json
@@ -2386,12 +2386,6 @@
     "message": "UE",
     "description": "European Union"
   },
-  "usDomain": {
-    "message": "bitwarden.com"
-  },
-  "euDomain": {
-    "message": "bitwarden.eu"
-  },
   "accessDenied": {
     "message": "Odmowa dostępu. Nie masz uprawnień do przeglądania tej strony."
   },
diff --git a/apps/browser/src/_locales/pt_BR/messages.json b/apps/browser/src/_locales/pt_BR/messages.json
index 8e0a7fb25b..3445a3ff5f 100644
--- a/apps/browser/src/_locales/pt_BR/messages.json
+++ b/apps/browser/src/_locales/pt_BR/messages.json
@@ -2386,12 +2386,6 @@
     "message": "Europa",
     "description": "European Union"
   },
-  "usDomain": {
-    "message": "bitwarden.com"
-  },
-  "euDomain": {
-    "message": "bitwarden.eu"
-  },
   "accessDenied": {
     "message": "Acesso negado. Você não tem permissão para ver esta página."
   },
diff --git a/apps/browser/src/_locales/pt_PT/messages.json b/apps/browser/src/_locales/pt_PT/messages.json
index fdd8d04945..117c5be6b4 100644
--- a/apps/browser/src/_locales/pt_PT/messages.json
+++ b/apps/browser/src/_locales/pt_PT/messages.json
@@ -2386,12 +2386,6 @@
     "message": "UE",
     "description": "European Union"
   },
-  "usDomain": {
-    "message": "bitwarden.com"
-  },
-  "euDomain": {
-    "message": "bitwarden.eu"
-  },
   "accessDenied": {
     "message": "Acesso negado. Não tem permissão para visualizar esta página."
   },
@@ -2919,7 +2913,7 @@
     "message": "Mudar de conta"
   },
   "switchAccounts": {
-    "message": "Mudar de contas"
+    "message": "Mudar de conta"
   },
   "switchToAccount": {
     "message": "Mudar para conta"
diff --git a/apps/browser/src/_locales/ro/messages.json b/apps/browser/src/_locales/ro/messages.json
index ce30d10790..4851add018 100644
--- a/apps/browser/src/_locales/ro/messages.json
+++ b/apps/browser/src/_locales/ro/messages.json
@@ -2386,12 +2386,6 @@
     "message": "EU",
     "description": "European Union"
   },
-  "usDomain": {
-    "message": "bitwarden.com"
-  },
-  "euDomain": {
-    "message": "bitwarden.eu"
-  },
   "accessDenied": {
     "message": "Acces refuzat. Nu aveți permisiunea de a vizualiza această pagină."
   },
diff --git a/apps/browser/src/_locales/ru/messages.json b/apps/browser/src/_locales/ru/messages.json
index 6a6398d445..fb4e2abaac 100644
--- a/apps/browser/src/_locales/ru/messages.json
+++ b/apps/browser/src/_locales/ru/messages.json
@@ -2386,12 +2386,6 @@
     "message": "Европа",
     "description": "European Union"
   },
-  "usDomain": {
-    "message": "bitwarden.com"
-  },
-  "euDomain": {
-    "message": "bitwarden.eu"
-  },
   "accessDenied": {
     "message": "Доступ запрещен. У вас нет разрешения на просмотр этой страницы."
   },
diff --git a/apps/browser/src/_locales/si/messages.json b/apps/browser/src/_locales/si/messages.json
index 6f73892b14..ca466ef7bb 100644
--- a/apps/browser/src/_locales/si/messages.json
+++ b/apps/browser/src/_locales/si/messages.json
@@ -2386,12 +2386,6 @@
     "message": "EU",
     "description": "European Union"
   },
-  "usDomain": {
-    "message": "bitwarden.com"
-  },
-  "euDomain": {
-    "message": "bitwarden.eu"
-  },
   "accessDenied": {
     "message": "Access denied. You do not have permission to view this page."
   },
diff --git a/apps/browser/src/_locales/sk/messages.json b/apps/browser/src/_locales/sk/messages.json
index 9f5b07fb98..382dc82245 100644
--- a/apps/browser/src/_locales/sk/messages.json
+++ b/apps/browser/src/_locales/sk/messages.json
@@ -2386,12 +2386,6 @@
     "message": "EÚ",
     "description": "European Union"
   },
-  "usDomain": {
-    "message": "bitwarden.com"
-  },
-  "euDomain": {
-    "message": "bitwarden.eu"
-  },
   "accessDenied": {
     "message": "Prístup zamietnutý. Nemáte oprávnenie na zobrazenie tejto stránky."
   },
diff --git a/apps/browser/src/_locales/sl/messages.json b/apps/browser/src/_locales/sl/messages.json
index e0fcda1359..e11a56acde 100644
--- a/apps/browser/src/_locales/sl/messages.json
+++ b/apps/browser/src/_locales/sl/messages.json
@@ -2386,12 +2386,6 @@
     "message": "EU",
     "description": "European Union"
   },
-  "usDomain": {
-    "message": "bitwarden.com"
-  },
-  "euDomain": {
-    "message": "bitwarden.eu"
-  },
   "accessDenied": {
     "message": "Access denied. You do not have permission to view this page."
   },
diff --git a/apps/browser/src/_locales/sr/messages.json b/apps/browser/src/_locales/sr/messages.json
index ab4f07c5cb..d598263e91 100644
--- a/apps/browser/src/_locales/sr/messages.json
+++ b/apps/browser/src/_locales/sr/messages.json
@@ -2386,12 +2386,6 @@
     "message": "EU",
     "description": "European Union"
   },
-  "usDomain": {
-    "message": "bitwarden.com"
-  },
-  "euDomain": {
-    "message": "bitwarden.eu"
-  },
   "accessDenied": {
     "message": "Одбијен приступ. Немате дозволу да видите ову страницу."
   },
diff --git a/apps/browser/src/_locales/sv/messages.json b/apps/browser/src/_locales/sv/messages.json
index 301ec51cba..082fbac350 100644
--- a/apps/browser/src/_locales/sv/messages.json
+++ b/apps/browser/src/_locales/sv/messages.json
@@ -494,7 +494,7 @@
     "message": "Ditt nya konto har skapats! Du kan logga in nu."
   },
   "youSuccessfullyLoggedIn": {
-    "message": "You successfully logged in"
+    "message": "Du är nu inloggad"
   },
   "youMayCloseThisWindow": {
     "message": "Du kan stänga detta fönster"
@@ -522,7 +522,7 @@
     "message": "Kunde inte automatiskt fylla i det valda objektet på den här webbsidan. Klipp/klistra informationen istället."
   },
   "totpCaptureError": {
-    "message": "Unable to scan QR code from the current webpage"
+    "message": "Det går inte att skanna QR-koden från den aktuella webbsidan"
   },
   "totpCaptureSuccess": {
     "message": "Authenticator key added"
@@ -868,7 +868,7 @@
     "message": "1 GB lagring av krypterade filer."
   },
   "premiumSignUpTwoStepOptions": {
-    "message": "Proprietary two-step login options such as YubiKey and Duo."
+    "message": "Premium-alternativ för tvåstegsverifiering, såsom YubiKey och Duo."
   },
   "ppremiumSignUpReports": {
     "message": "Lösenordshygien, kontohälsa och dataintrångsrapporter för att hålla ditt valv säkert."
@@ -1993,7 +1993,7 @@
     "message": "Ditt huvudlösenord ändrades nyligen av en administratör i din organisation. För att få tillgång till valvet måste du uppdatera det nu. Om du fortsätter kommer du att loggas ut från din nuvarande session, vilket kräver att du loggar in igen. Aktiva sessioner på andra enheter kan komma att vara aktiva i upp till en timme."
   },
   "updateWeakMasterPasswordWarning": {
-    "message": "Your master password does not meet one or more of your organization policies. In order to access the vault, you must update your master password now. Proceeding will log you out of your current session, requiring you to log back in. Active sessions on other devices may continue to remain active for up to one hour."
+    "message": "Ditt huvudlösenord följer inte ett eller flera av din organisations regler. För att komma åt ditt valv så måste du ändra ditt huvudlösenord nu. Om du gör det kommer du att loggas du ut ur din nuvarande session så du måste logga in på nytt. Aktiva sessioner på andra enheter kommer fortsatt vara aktiva i upp till en timme."
   },
   "resetPasswordPolicyAutoEnroll": {
     "message": "Automatiskt deltagande"
@@ -2009,11 +2009,11 @@
     "description": "Used as a message within the notification bar when no folders are found"
   },
   "orgPermissionsUpdatedMustSetPassword": {
-    "message": "Your organization permissions were updated, requiring you to set a master password.",
+    "message": "Din organisations behörigheter uppdaterades, vilket kräver att du anger ett huvudlösenord.",
     "description": "Used as a card title description on the set password page to explain why the user is there"
   },
   "orgRequiresYouToSetPassword": {
-    "message": "Your organization requires you to set a master password.",
+    "message": "Din organisation kräver att du anger ett huvudlösenord.",
     "description": "Used as a card title description on the set password page to explain why the user is there"
   },
   "verificationRequired": {
@@ -2215,7 +2215,7 @@
     "message": "Serverversion"
   },
   "selfHostedServer": {
-    "message": "self-hosted"
+    "message": "självhostad"
   },
   "thirdParty": {
     "message": "Tredje part"
@@ -2371,7 +2371,7 @@
     "message": "Uncheck if using a public device"
   },
   "approveFromYourOtherDevice": {
-    "message": "Approve from your other device"
+    "message": "Godkänn från din andra enhet"
   },
   "requestAdminApproval": {
     "message": "Be om godkännande från administratör"
@@ -2380,18 +2380,12 @@
     "message": "Godkänn med huvudlösenord"
   },
   "ssoIdentifierRequired": {
-    "message": "Organization SSO identifier is required."
+    "message": "Organisationens SSO-identifierare krävs."
   },
   "eu": {
     "message": "EU",
     "description": "European Union"
   },
-  "usDomain": {
-    "message": "bitwarden.com"
-  },
-  "euDomain": {
-    "message": "bitwarden.eu"
-  },
   "accessDenied": {
     "message": "Access denied. You do not have permission to view this page."
   },
@@ -2402,10 +2396,10 @@
     "message": "Display"
   },
   "accountSuccessfullyCreated": {
-    "message": "Account successfully created!"
+    "message": "Ditt konto har skapats!"
   },
   "adminApprovalRequested": {
-    "message": "Admin approval requested"
+    "message": "Godkännande från administratör har begärts"
   },
   "adminApprovalRequestSentToAdmins": {
     "message": "Din begäran har skickats till din administratör."
@@ -2420,13 +2414,13 @@
     "message": "Inloggning godkänd"
   },
   "userEmailMissing": {
-    "message": "User email missing"
+    "message": "Användarens e-postadress saknas"
   },
   "deviceTrusted": {
     "message": "Device trusted"
   },
   "inputRequired": {
-    "message": "Input is required."
+    "message": "Inmatning är obligatoriskt."
   },
   "required": {
     "message": "obligatoriskt"
@@ -2526,7 +2520,7 @@
     "message": "Undermeny"
   },
   "toggleCollapse": {
-    "message": "Toggle collapse",
+    "message": "Växla synlig/dold",
     "description": "Toggling an expand/collapse state."
   },
   "filelessImport": {
@@ -2550,7 +2544,7 @@
     "description": "Notification message for when an import is in progress."
   },
   "dataSuccessfullyImported": {
-    "message": "Data successfully imported!",
+    "message": "Data har importerats till ditt valv!",
     "description": "Notification message for when an import has completed successfully."
   },
   "dataImportFailed": {
@@ -2577,7 +2571,7 @@
     "description": "Message appearing below the autofill on load message when master password reprompt is set for a vault item."
   },
   "skipToContent": {
-    "message": "Skip to content"
+    "message": "Hoppa till innehåll"
   },
   "bitwardenOverlayButton": {
     "message": "Bitwarden automatisk ifyllnadsmenyknapp",
@@ -2596,11 +2590,11 @@
     "description": "Text to display in overlay when the account is locked."
   },
   "unlockAccount": {
-    "message": "Unlock account",
+    "message": "Lås upp konto",
     "description": "Button text to display in overlay when the account is locked."
   },
   "fillCredentialsFor": {
-    "message": "Fill credentials for",
+    "message": "Fyll i uppgifter för",
     "description": "Screen reader text for when overlay item is in focused"
   },
   "partialUsername": {
@@ -2624,7 +2618,7 @@
     "description": "Screen reader text for announcing when the overlay opens on the page"
   },
   "turnOn": {
-    "message": "Turn on"
+    "message": "Aktivera"
   },
   "ignore": {
     "message": "Ignorera"
@@ -2634,7 +2628,7 @@
     "description": "Used for the header of the import dialog, the import button and within the file-password-prompt"
   },
   "importError": {
-    "message": "Import error"
+    "message": "Fel vid import"
   },
   "importErrorDesc": {
     "message": "Det uppstod ett problem med den data du försökte importera. Åtgärda de fel som anges nedan i din källfil och försök igen."
@@ -2646,10 +2640,10 @@
     "message": "Beskrivning"
   },
   "importSuccess": {
-    "message": "Data successfully imported"
+    "message": "Data har importerats till ditt valv"
   },
   "importSuccessNumberOfItems": {
-    "message": "A total of $AMOUNT$ items were imported.",
+    "message": "Sammanlagt $AMOUNT$ objekt importerades.",
     "placeholders": {
       "amount": {
         "content": "$1",
@@ -2670,10 +2664,10 @@
     "message": "Verifiera med biometri"
   },
   "awaitingConfirmation": {
-    "message": "Awaiting confirmation"
+    "message": "Väntar på bekräftelse"
   },
   "couldNotCompleteBiometrics": {
-    "message": "Could not complete biometrics."
+    "message": "Det gick inte att slutföra biometri."
   },
   "needADifferentMethod": {
     "message": "Behöver du en annan metod?"
@@ -2688,16 +2682,16 @@
     "message": "Använd biometri"
   },
   "enterVerificationCodeSentToEmail": {
-    "message": "Enter the verification code that was sent to your email."
+    "message": "Ange verifieringskoden som skickades till din e-postadress."
   },
   "resendCode": {
     "message": "Skicka kod igen"
   },
   "total": {
-    "message": "Total"
+    "message": "Totalt"
   },
   "importWarning": {
-    "message": "You are importing data to $ORGANIZATION$. Your data may be shared with members of this organization. Do you want to proceed?",
+    "message": "Du importerar data till $ORGANIZATION$. Din data kan komma att delas med medlemmar i den här organisationen. Vill du fortsätta?",
     "placeholders": {
       "organization": {
         "content": "$1",
@@ -2718,19 +2712,19 @@
     "message": "Popout extension"
   },
   "launchDuo": {
-    "message": "Launch Duo"
+    "message": "Starta Duo"
   },
   "importFormatError": {
-    "message": "Data is not formatted correctly. Please check your import file and try again."
+    "message": "Datan är inte korrekt formaterad. Vänligen kontrollera din importerade fil och försök igen."
   },
   "importNothingError": {
     "message": "Ingenting har importerats."
   },
   "importEncKeyError": {
-    "message": "Error decrypting the exported file. Your encryption key does not match the encryption key used export the data."
+    "message": "Ett fel uppstod vid dekryptering av den exporterade filen. Din krypteringsnyckel matchar inte krypteringsnyckeln som användes för att exportera datan."
   },
   "invalidFilePassword": {
-    "message": "Invalid file password, please use the password you entered when you created the export file."
+    "message": "Ogiltigt fillösenord, använd lösenordet du angav när du skapade exportfilen."
   },
   "importDestination": {
     "message": "Importdestination"
@@ -2755,13 +2749,13 @@
     }
   },
   "importUnassignedItemsError": {
-    "message": "File contains unassigned items."
+    "message": "Filen innehåller otilldelade objekt."
   },
   "selectFormat": {
-    "message": "Select the format of the import file"
+    "message": "Välj importfilens format"
   },
   "selectImportFile": {
-    "message": "Select the import file"
+    "message": "Välj importfilen"
   },
   "chooseFile": {
     "message": "Välj fil"
@@ -2770,10 +2764,10 @@
     "message": "Ingen fil vald"
   },
   "orCopyPasteFileContents": {
-    "message": "or copy/paste the import file contents"
+    "message": "eller kopiera och klistra in innehållet från filen"
   },
   "instructionsFor": {
-    "message": "$NAME$ Instructions",
+    "message": "Instruktioner för $NAME$",
     "description": "The title for the import tool instructions.",
     "placeholders": {
       "name": {
@@ -2783,13 +2777,13 @@
     }
   },
   "confirmVaultImport": {
-    "message": "Confirm vault import"
+    "message": "Bekräfta importering av valv"
   },
   "confirmVaultImportDesc": {
-    "message": "This file is password-protected. Please enter the file password to import data."
+    "message": "Den här filen är lösenordsskyddad. Ange lösenordet för att importera data."
   },
   "confirmFilePassword": {
-    "message": "Confirm file password"
+    "message": "Bekräfta fillösenord"
   },
   "typePasskey": {
     "message": "Lösennyckel"
@@ -2837,7 +2831,7 @@
     "message": "Detta objekt innehåller redan en lösennyckel. Är du säker på att du vill skriva över nuvarande lösennyckeln?"
   },
   "featureNotSupported": {
-    "message": "Feature not yet supported"
+    "message": "Funktionen stöds ännu inte"
   },
   "yourPasskeyIsLocked": {
     "message": "Autentisering krävs för att använda lösennyckel. Verifiera din identitet för att fortsätta."
@@ -2913,19 +2907,19 @@
     "message": "Samling"
   },
   "lastPassYubikeyDesc": {
-    "message": "Insert the YubiKey associated with your LastPass account into your computer's USB port, then touch its button."
+    "message": "Sätt in YubiKey som associeras med ditt LastPass-konto i din dators USB-port, tryck sedan på knappen."
   },
   "switchAccount": {
-    "message": "Switch account"
+    "message": "Byt konto"
   },
   "switchAccounts": {
-    "message": "Switch accounts"
+    "message": "Byt konto"
   },
   "switchToAccount": {
-    "message": "Switch to account"
+    "message": "Byt till konto"
   },
   "activeAccount": {
-    "message": "Active account"
+    "message": "Aktivt konto"
   },
   "availableAccounts": {
     "message": "Tillgängliga konton"
@@ -2952,10 +2946,10 @@
     "message": "Använd din enhet eller hårdvarunyckel"
   },
   "justOnce": {
-    "message": "Just once"
+    "message": "Bara en gång"
   },
   "alwaysForThisSite": {
-    "message": "Always for this site"
+    "message": "Alltid för denna webbplats"
   },
   "domainAddedToExcludedDomains": {
     "message": "$DOMAIN$ added to excluded domains.",
@@ -2991,7 +2985,7 @@
     "description": "Description for the dialog that appears when the user has not granted the extension permission to set privacy settings"
   },
   "makeDefault": {
-    "message": "Make default",
+    "message": "Gör till standard",
     "description": "Button text for the setting that allows overriding the default browser autofill settings"
   },
   "saveCipherAttemptSuccess": {
diff --git a/apps/browser/src/_locales/te/messages.json b/apps/browser/src/_locales/te/messages.json
index 97c8fa424b..4a37361f29 100644
--- a/apps/browser/src/_locales/te/messages.json
+++ b/apps/browser/src/_locales/te/messages.json
@@ -2386,12 +2386,6 @@
     "message": "EU",
     "description": "European Union"
   },
-  "usDomain": {
-    "message": "bitwarden.com"
-  },
-  "euDomain": {
-    "message": "bitwarden.eu"
-  },
   "accessDenied": {
     "message": "Access denied. You do not have permission to view this page."
   },
diff --git a/apps/browser/src/_locales/th/messages.json b/apps/browser/src/_locales/th/messages.json
index e52aecbeda..011b7983d4 100644
--- a/apps/browser/src/_locales/th/messages.json
+++ b/apps/browser/src/_locales/th/messages.json
@@ -2386,12 +2386,6 @@
     "message": "EU",
     "description": "European Union"
   },
-  "usDomain": {
-    "message": "bitwarden.com"
-  },
-  "euDomain": {
-    "message": "bitwarden.eu"
-  },
   "accessDenied": {
     "message": "Access denied. You do not have permission to view this page."
   },
diff --git a/apps/browser/src/_locales/tr/messages.json b/apps/browser/src/_locales/tr/messages.json
index c7839fb4d9..391fef8ddc 100644
--- a/apps/browser/src/_locales/tr/messages.json
+++ b/apps/browser/src/_locales/tr/messages.json
@@ -2386,12 +2386,6 @@
     "message": "AB",
     "description": "European Union"
   },
-  "usDomain": {
-    "message": "bitwarden.com"
-  },
-  "euDomain": {
-    "message": "bitwarden.eu"
-  },
   "accessDenied": {
     "message": "Erişim engellendi. Bu sayfayı görüntüleme iznine sahip değilsiniz."
   },
diff --git a/apps/browser/src/_locales/uk/messages.json b/apps/browser/src/_locales/uk/messages.json
index 4ab4067914..98dabb597d 100644
--- a/apps/browser/src/_locales/uk/messages.json
+++ b/apps/browser/src/_locales/uk/messages.json
@@ -2386,12 +2386,6 @@
     "message": "ЄС",
     "description": "European Union"
   },
-  "usDomain": {
-    "message": "bitwarden.com"
-  },
-  "euDomain": {
-    "message": "bitwarden.eu"
-  },
   "accessDenied": {
     "message": "Доступ заборонено. У вас немає дозволу на перегляд цієї сторінки."
   },
diff --git a/apps/browser/src/_locales/vi/messages.json b/apps/browser/src/_locales/vi/messages.json
index f02f1127c7..3a7cf5a794 100644
--- a/apps/browser/src/_locales/vi/messages.json
+++ b/apps/browser/src/_locales/vi/messages.json
@@ -2386,12 +2386,6 @@
     "message": "EU",
     "description": "European Union"
   },
-  "usDomain": {
-    "message": "bitwarden.com"
-  },
-  "euDomain": {
-    "message": "bitwarden.eu"
-  },
   "accessDenied": {
     "message": "Access denied. You do not have permission to view this page."
   },
diff --git a/apps/browser/src/_locales/zh_CN/messages.json b/apps/browser/src/_locales/zh_CN/messages.json
index cd189db75f..1c269640c8 100644
--- a/apps/browser/src/_locales/zh_CN/messages.json
+++ b/apps/browser/src/_locales/zh_CN/messages.json
@@ -1500,7 +1500,7 @@
     "message": "无效 PIN 码。"
   },
   "tooManyInvalidPinEntryAttemptsLoggingOut": {
-    "message": "无效的 PIN 输入尝试次数过多，正在退出登录。"
+    "message": "无效的 PIN 输入尝试次数过多，正在注销。"
   },
   "unlockWithBiometrics": {
     "message": "使用生物识别解锁"
@@ -1742,7 +1742,7 @@
     "message": "Bitwarden 将不会询问是否为这些域名保存登录信息。您必须刷新页面才能使更改生效。"
   },
   "excludedDomainsDescAlt": {
-    "message": "Bitwarden 不会询问保存所有已登录的账户的这些域名的登录信息。您必须刷新页面才能使更改生效。"
+    "message": "Bitwarden 不会询问保存所有已登录的账户的这些域名的登录信息。必须刷新页面才能使更改生效。"
   },
   "excludedDomainsInvalidDomain": {
     "message": "$DOMAIN$ 不是一个有效的域名",
@@ -2314,7 +2314,7 @@
     "message": "如何自动填充"
   },
   "autofillSelectInfoWithCommand": {
-    "message": "从此界面选择一个项目，使用快捷方式 $COMMAND$，或探索设置中的其他选项。",
+    "message": "从此界面选择一个项目，使用快捷键 $COMMAND$，或探索设置中的其他选项。",
     "placeholders": {
       "command": {
         "content": "$1",
@@ -2335,10 +2335,10 @@
     "message": "自动填充键盘快捷键"
   },
   "autofillShortcutNotSet": {
-    "message": "未设置自动填充快捷方式。请在浏览器设置中更改此设置。"
+    "message": "未设置自动填充快捷键。可在浏览器的设置中更改它。"
   },
   "autofillShortcutText": {
-    "message": "自动填充快捷方式为： $COMMAND$。在浏览器设置中更改此项。",
+    "message": "自动填充快捷键为：$COMMAND$。可在浏览器的设置中更改它。",
     "placeholders": {
       "command": {
         "content": "$1",
@@ -2386,12 +2386,6 @@
     "message": "欧盟",
     "description": "European Union"
   },
-  "usDomain": {
-    "message": "bitwarden.com"
-  },
-  "euDomain": {
-    "message": "bitwarden.eu"
-  },
   "accessDenied": {
     "message": "访问被拒绝。您没有权限查看此页面。"
   },
@@ -2934,7 +2928,7 @@
     "message": "已达到账户上限。请注销一个账户后再添加其他账户。"
   },
   "active": {
-    "message": "已生效"
+    "message": "活动的"
   },
   "locked": {
     "message": "已锁定"
@@ -2967,7 +2961,7 @@
     }
   },
   "commonImportFormats": {
-    "message": "通用格式",
+    "message": "常规格式",
     "description": "Label indicating the most common import formats"
   },
   "overrideDefaultBrowserAutofillTitle": {
@@ -2975,7 +2969,7 @@
     "description": "Dialog title facilitating the ability to override a chrome browser's default autofill behavior"
   },
   "overrideDefaultBrowserAutofillDescription": {
-    "message": "忽略此设置可能会导致 Bitwarden 自动填充菜单与浏览器自带功能产生冲突。",
+    "message": "忽略此选项可能会导致 Bitwarden 自动填充菜单与浏览器自带功能产生冲突。",
     "description": "Dialog message facilitating the ability to override a chrome browser's default autofill behavior"
   },
   "overrideDefaultBrowserAutoFillSettings": {
diff --git a/apps/browser/src/_locales/zh_TW/messages.json b/apps/browser/src/_locales/zh_TW/messages.json
index 80e05c7c1c..fdd6f4639b 100644
--- a/apps/browser/src/_locales/zh_TW/messages.json
+++ b/apps/browser/src/_locales/zh_TW/messages.json
@@ -327,7 +327,7 @@
     "message": "密碼"
   },
   "totp": {
-    "message": "Authenticator secret"
+    "message": "程式產生驗證碼"
   },
   "passphrase": {
     "message": "密碼短語"
@@ -372,7 +372,7 @@
     "message": "設定一個解鎖方式來變更您的密碼庫逾時動作。"
   },
   "unlockMethodNeeded": {
-    "message": "Set up an unlock method in Settings"
+    "message": "設定中設定解鎖"
   },
   "rateExtension": {
     "message": "為本套件評分"
@@ -494,10 +494,10 @@
     "message": "帳戶已建立！現在可以登入了。"
   },
   "youSuccessfullyLoggedIn": {
-    "message": "You successfully logged in"
+    "message": "登入成功"
   },
   "youMayCloseThisWindow": {
-    "message": "You may close this window"
+    "message": "您可以關閉此視窗"
   },
   "masterPassSent": {
     "message": "已寄出包含您主密碼提示的電子郵件。"
@@ -522,13 +522,13 @@
     "message": "無法在此頁面自動填入所選項目。請手動複製貼上。"
   },
   "totpCaptureError": {
-    "message": "Unable to scan QR code from the current webpage"
+    "message": "無法掃描此網頁的二維碼"
   },
   "totpCaptureSuccess": {
     "message": "已新增驗證器金鑰。"
   },
   "totpCapture": {
-    "message": "Scan authenticator QR code from current webpage"
+    "message": "從目前網頁掃描驗證器二維碼"
   },
   "copyTOTP": {
     "message": "複製驗證器金鑰 (TOTP)"
@@ -1061,7 +1061,7 @@
     "message": "Turn off your browser’s built in password manager settings to avoid conflicts."
   },
   "turnOffBrowserBuiltInPasswordManagerSettingsLink": {
-    "message": "Edit browser settings."
+    "message": "編輯瀏覽器設定"
   },
   "autofillOverlayVisibilityOff": {
     "message": "關閉",
@@ -1500,7 +1500,7 @@
     "message": "無效的 PIN 碼。"
   },
   "tooManyInvalidPinEntryAttemptsLoggingOut": {
-    "message": "Too many invalid PIN entry attempts. Logging out."
+    "message": "輸入太多無效 PIN 碼。 登出。"
   },
   "unlockWithBiometrics": {
     "message": "使用生物特徵辨識解鎖"
@@ -2005,7 +2005,7 @@
     "message": "選擇資料夾⋯"
   },
   "noFoldersFound": {
-    "message": "No folders found",
+    "message": "未找到資料夾",
     "description": "Used as a message within the notification bar when no folders are found"
   },
   "orgPermissionsUpdatedMustSetPassword": {
@@ -2017,7 +2017,7 @@
     "description": "Used as a card title description on the set password page to explain why the user is there"
   },
   "verificationRequired": {
-    "message": "Verification required",
+    "message": "需要驗證",
     "description": "Default title for the user verification dialog."
   },
   "hours": {
@@ -2386,12 +2386,6 @@
     "message": "EU",
     "description": "European Union"
   },
-  "usDomain": {
-    "message": "bitwarden.com"
-  },
-  "euDomain": {
-    "message": "bitwarden.eu"
-  },
   "accessDenied": {
     "message": "拒絕存取。您沒有檢視此頁面的權限。"
   },
@@ -2558,7 +2552,7 @@
     "description": "Notification message for when an import has failed."
   },
   "importNetworkError": {
-    "message": "Network error encountered during import.",
+    "message": "匯入時遇到網路錯誤",
     "description": "Notification message for when an import has failed due to a network error."
   },
   "aliasDomain": {
@@ -2664,34 +2658,34 @@
     "message": "Verification required for this action. Set a PIN to continue."
   },
   "setPin": {
-    "message": "Set PIN"
+    "message": "設定 PIN 碼"
   },
   "verifyWithBiometrics": {
-    "message": "Verify with biometrics"
+    "message": "生物辨識驗證"
   },
   "awaitingConfirmation": {
-    "message": "Awaiting confirmation"
+    "message": "正在等待確認"
   },
   "couldNotCompleteBiometrics": {
     "message": "Could not complete biometrics."
   },
   "needADifferentMethod": {
-    "message": "Need a different method?"
+    "message": "需要不同的方法嗎？"
   },
   "useMasterPassword": {
-    "message": "Use master password"
+    "message": "用主密碼"
   },
   "usePin": {
-    "message": "Use PIN"
+    "message": "使用 PIN 碼"
   },
   "useBiometrics": {
-    "message": "Use biometrics"
+    "message": "用生物識別"
   },
   "enterVerificationCodeSentToEmail": {
     "message": "Enter the verification code that was sent to your email."
   },
   "resendCode": {
-    "message": "Resend code"
+    "message": "重新傳送驗證碼"
   },
   "total": {
     "message": "總計"
@@ -2718,7 +2712,7 @@
     "message": "Popout extension"
   },
   "launchDuo": {
-    "message": "Launch Duo"
+    "message": "開啟Duo"
   },
   "importFormatError": {
     "message": "資料格式不正確。請檢查您匯入的檔案後再試一次。"
@@ -2852,13 +2846,13 @@
     "message": "使用者名稱或密碼不正確"
   },
   "incorrectPassword": {
-    "message": "Incorrect password"
+    "message": "密碼錯誤"
   },
   "incorrectCode": {
-    "message": "Incorrect code"
+    "message": "錯誤驗證碼"
   },
   "incorrectPin": {
-    "message": "Incorrect PIN"
+    "message": "PIN 碼錯誤"
   },
   "multifactorAuthenticationFailed": {
     "message": "多因素驗證失敗"
@@ -2919,7 +2913,7 @@
     "message": "切換帳戶"
   },
   "switchAccounts": {
-    "message": "Switch accounts"
+    "message": "切換帳號"
   },
   "switchToAccount": {
     "message": "切換帳戶"
@@ -2991,7 +2985,7 @@
     "description": "Description for the dialog that appears when the user has not granted the extension permission to set privacy settings"
   },
   "makeDefault": {
-    "message": "Make default",
+    "message": "設為預設",
     "description": "Button text for the setting that allows overriding the default browser autofill settings"
   },
   "saveCipherAttemptSuccess": {
diff --git a/apps/browser/src/auth/background/service-factories/auth-service.factory.ts b/apps/browser/src/auth/background/service-factories/auth-service.factory.ts
index d0a4d2db1b..f600efa18d 100644
--- a/apps/browser/src/auth/background/service-factories/auth-service.factory.ts
+++ b/apps/browser/src/auth/background/service-factories/auth-service.factory.ts
@@ -15,21 +15,26 @@ import {
   factory,
 } from "../../../platform/background/service-factories/factory-options";
 import {
-  messagingServiceFactory,
   MessagingServiceInitOptions,
+  messagingServiceFactory,
 } from "../../../platform/background/service-factories/messaging-service.factory";
 import {
   StateServiceInitOptions,
   stateServiceFactory,
 } from "../../../platform/background/service-factories/state-service.factory";
 
+import { AccountServiceInitOptions, accountServiceFactory } from "./account-service.factory";
+import { TokenServiceInitOptions, tokenServiceFactory } from "./token-service.factory";
+
 type AuthServiceFactoryOptions = FactoryOptions;
 
 export type AuthServiceInitOptions = AuthServiceFactoryOptions &
+  AccountServiceInitOptions &
   MessagingServiceInitOptions &
   CryptoServiceInitOptions &
   ApiServiceInitOptions &
-  StateServiceInitOptions;
+  StateServiceInitOptions &
+  TokenServiceInitOptions;
 
 export function authServiceFactory(
   cache: { authService?: AbstractAuthService } & CachedServices,
@@ -41,10 +46,12 @@ export function authServiceFactory(
     opts,
     async () =>
       new AuthService(
+        await accountServiceFactory(cache, opts),
         await messagingServiceFactory(cache, opts),
         await cryptoServiceFactory(cache, opts),
         await apiServiceFactory(cache, opts),
         await stateServiceFactory(cache, opts),
+        await tokenServiceFactory(cache, opts),
       ),
   );
 }
diff --git a/apps/browser/src/auth/background/service-factories/device-trust-crypto-service.factory.ts b/apps/browser/src/auth/background/service-factories/device-trust-crypto-service.factory.ts
index 6b8d3c09e3..cac6f9bbe8 100644
--- a/apps/browser/src/auth/background/service-factories/device-trust-crypto-service.factory.ts
+++ b/apps/browser/src/auth/background/service-factories/device-trust-crypto-service.factory.ts
@@ -39,9 +39,18 @@ import {
   platformUtilsServiceFactory,
 } from "../../../platform/background/service-factories/platform-utils-service.factory";
 import {
-  StateServiceInitOptions,
-  stateServiceFactory,
-} from "../../../platform/background/service-factories/state-service.factory";
+  StateProviderInitOptions,
+  stateProviderFactory,
+} from "../../../platform/background/service-factories/state-provider.factory";
+import {
+  SecureStorageServiceInitOptions,
+  secureStorageServiceFactory,
+} from "../../../platform/background/service-factories/storage-service.factory";
+
+import {
+  UserDecryptionOptionsServiceInitOptions,
+  userDecryptionOptionsServiceFactory,
+} from "./user-decryption-options-service.factory";
 
 type DeviceTrustCryptoServiceFactoryOptions = FactoryOptions;
 
@@ -50,11 +59,13 @@ export type DeviceTrustCryptoServiceInitOptions = DeviceTrustCryptoServiceFactor
   CryptoFunctionServiceInitOptions &
   CryptoServiceInitOptions &
   EncryptServiceInitOptions &
-  StateServiceInitOptions &
   AppIdServiceInitOptions &
   DevicesApiServiceInitOptions &
   I18nServiceInitOptions &
-  PlatformUtilsServiceInitOptions;
+  PlatformUtilsServiceInitOptions &
+  StateProviderInitOptions &
+  SecureStorageServiceInitOptions &
+  UserDecryptionOptionsServiceInitOptions;
 
 export function deviceTrustCryptoServiceFactory(
   cache: { deviceTrustCryptoService?: DeviceTrustCryptoServiceAbstraction } & CachedServices,
@@ -70,11 +81,13 @@ export function deviceTrustCryptoServiceFactory(
         await cryptoFunctionServiceFactory(cache, opts),
         await cryptoServiceFactory(cache, opts),
         await encryptServiceFactory(cache, opts),
-        await stateServiceFactory(cache, opts),
         await appIdServiceFactory(cache, opts),
         await devicesApiServiceFactory(cache, opts),
         await i18nServiceFactory(cache, opts),
         await platformUtilsServiceFactory(cache, opts),
+        await stateProviderFactory(cache, opts),
+        await secureStorageServiceFactory(cache, opts),
+        await userDecryptionOptionsServiceFactory(cache, opts),
       ),
   );
 }
diff --git a/apps/browser/src/auth/background/service-factories/key-connector-service.factory.ts b/apps/browser/src/auth/background/service-factories/key-connector-service.factory.ts
index 5fd1866c83..4a0dd07b32 100644
--- a/apps/browser/src/auth/background/service-factories/key-connector-service.factory.ts
+++ b/apps/browser/src/auth/background/service-factories/key-connector-service.factory.ts
@@ -27,9 +27,9 @@ import {
   LogServiceInitOptions,
 } from "../../../platform/background/service-factories/log-service.factory";
 import {
-  stateServiceFactory,
-  StateServiceInitOptions,
-} from "../../../platform/background/service-factories/state-service.factory";
+  stateProviderFactory,
+  StateProviderInitOptions,
+} from "../../../platform/background/service-factories/state-provider.factory";
 
 import { TokenServiceInitOptions, tokenServiceFactory } from "./token-service.factory";
 
@@ -40,13 +40,13 @@ type KeyConnectorServiceFactoryOptions = FactoryOptions & {
 };
 
 export type KeyConnectorServiceInitOptions = KeyConnectorServiceFactoryOptions &
-  StateServiceInitOptions &
   CryptoServiceInitOptions &
   ApiServiceInitOptions &
   TokenServiceInitOptions &
   LogServiceInitOptions &
   OrganizationServiceInitOptions &
-  KeyGenerationServiceInitOptions;
+  KeyGenerationServiceInitOptions &
+  StateProviderInitOptions;
 
 export function keyConnectorServiceFactory(
   cache: { keyConnectorService?: AbstractKeyConnectorService } & CachedServices,
@@ -58,7 +58,6 @@ export function keyConnectorServiceFactory(
     opts,
     async () =>
       new KeyConnectorService(
-        await stateServiceFactory(cache, opts),
         await cryptoServiceFactory(cache, opts),
         await apiServiceFactory(cache, opts),
         await tokenServiceFactory(cache, opts),
@@ -66,6 +65,7 @@ export function keyConnectorServiceFactory(
         await organizationServiceFactory(cache, opts),
         await keyGenerationServiceFactory(cache, opts),
         opts.keyConnectorServiceOptions.logoutCallback,
+        await stateProviderFactory(cache, opts),
       ),
   );
 }
diff --git a/apps/browser/src/auth/background/service-factories/login-email-service.factory.ts b/apps/browser/src/auth/background/service-factories/login-email-service.factory.ts
new file mode 100644
index 0000000000..6e98a9a886
--- /dev/null
+++ b/apps/browser/src/auth/background/service-factories/login-email-service.factory.ts
@@ -0,0 +1,28 @@
+import { LoginEmailServiceAbstraction, LoginEmailService } from "@bitwarden/auth/common";
+
+import {
+  CachedServices,
+  factory,
+  FactoryOptions,
+} from "../../../platform/background/service-factories/factory-options";
+import {
+  stateProviderFactory,
+  StateProviderInitOptions,
+} from "../../../platform/background/service-factories/state-provider.factory";
+
+type LoginEmailServiceFactoryOptions = FactoryOptions;
+
+export type LoginEmailServiceInitOptions = LoginEmailServiceFactoryOptions &
+  StateProviderInitOptions;
+
+export function loginEmailServiceFactory(
+  cache: { loginEmailService?: LoginEmailServiceAbstraction } & CachedServices,
+  opts: LoginEmailServiceInitOptions,
+): Promise<LoginEmailServiceAbstraction> {
+  return factory(
+    cache,
+    "loginEmailService",
+    opts,
+    async () => new LoginEmailService(await stateProviderFactory(cache, opts)),
+  );
+}
diff --git a/apps/browser/src/auth/background/service-factories/login-strategy-service.factory.ts b/apps/browser/src/auth/background/service-factories/login-strategy-service.factory.ts
index b0ae87a75f..2cc4692ca9 100644
--- a/apps/browser/src/auth/background/service-factories/login-strategy-service.factory.ts
+++ b/apps/browser/src/auth/background/service-factories/login-strategy-service.factory.ts
@@ -9,7 +9,10 @@ import {
   ApiServiceInitOptions,
 } from "../../../platform/background/service-factories/api-service.factory";
 import { appIdServiceFactory } from "../../../platform/background/service-factories/app-id-service.factory";
-import { billingAccountProfileStateServiceFactory } from "../../../platform/background/service-factories/billing-account-profile-state-service.factory";
+import {
+  billingAccountProfileStateServiceFactory,
+  BillingAccountProfileStateServiceInitOptions,
+} from "../../../platform/background/service-factories/billing-account-profile-state-service.factory";
 import {
   CryptoServiceInitOptions,
   cryptoServiceFactory,
@@ -70,6 +73,10 @@ import {
 } from "./key-connector-service.factory";
 import { tokenServiceFactory, TokenServiceInitOptions } from "./token-service.factory";
 import { twoFactorServiceFactory, TwoFactorServiceInitOptions } from "./two-factor-service.factory";
+import {
+  internalUserDecryptionOptionServiceFactory,
+  UserDecryptionOptionsServiceInitOptions,
+} from "./user-decryption-options-service.factory";
 
 type LoginStrategyServiceFactoryOptions = FactoryOptions;
 
@@ -90,7 +97,9 @@ export type LoginStrategyServiceInitOptions = LoginStrategyServiceFactoryOptions
   PasswordStrengthServiceInitOptions &
   DeviceTrustCryptoServiceInitOptions &
   AuthRequestServiceInitOptions &
-  GlobalStateProviderInitOptions;
+  UserDecryptionOptionsServiceInitOptions &
+  GlobalStateProviderInitOptions &
+  BillingAccountProfileStateServiceInitOptions;
 
 export function loginStrategyServiceFactory(
   cache: { loginStrategyService?: LoginStrategyServiceAbstraction } & CachedServices,
@@ -119,6 +128,7 @@ export function loginStrategyServiceFactory(
         await policyServiceFactory(cache, opts),
         await deviceTrustCryptoServiceFactory(cache, opts),
         await authRequestServiceFactory(cache, opts),
+        await internalUserDecryptionOptionServiceFactory(cache, opts),
         await globalStateProviderFactory(cache, opts),
         await billingAccountProfileStateServiceFactory(cache, opts),
       ),
diff --git a/apps/browser/src/auth/background/service-factories/token-service.factory.ts b/apps/browser/src/auth/background/service-factories/token-service.factory.ts
index 25c30460f0..ba42998209 100644
--- a/apps/browser/src/auth/background/service-factories/token-service.factory.ts
+++ b/apps/browser/src/auth/background/service-factories/token-service.factory.ts
@@ -1,6 +1,10 @@
 import { TokenService as AbstractTokenService } from "@bitwarden/common/auth/abstractions/token.service";
 import { TokenService } from "@bitwarden/common/auth/services/token.service";
 
+import {
+  EncryptServiceInitOptions,
+  encryptServiceFactory,
+} from "../../../platform/background/service-factories/encrypt-service.factory";
 import {
   FactoryOptions,
   CachedServices,
@@ -10,6 +14,14 @@ import {
   GlobalStateProviderInitOptions,
   globalStateProviderFactory,
 } from "../../../platform/background/service-factories/global-state-provider.factory";
+import {
+  KeyGenerationServiceInitOptions,
+  keyGenerationServiceFactory,
+} from "../../../platform/background/service-factories/key-generation-service.factory";
+import {
+  LogServiceInitOptions,
+  logServiceFactory,
+} from "../../../platform/background/service-factories/log-service.factory";
 import {
   PlatformUtilsServiceInitOptions,
   platformUtilsServiceFactory,
@@ -29,7 +41,10 @@ export type TokenServiceInitOptions = TokenServiceFactoryOptions &
   SingleUserStateProviderInitOptions &
   GlobalStateProviderInitOptions &
   PlatformUtilsServiceInitOptions &
-  SecureStorageServiceInitOptions;
+  SecureStorageServiceInitOptions &
+  KeyGenerationServiceInitOptions &
+  EncryptServiceInitOptions &
+  LogServiceInitOptions;
 
 export function tokenServiceFactory(
   cache: { tokenService?: AbstractTokenService } & CachedServices,
@@ -45,6 +60,9 @@ export function tokenServiceFactory(
         await globalStateProviderFactory(cache, opts),
         (await platformUtilsServiceFactory(cache, opts)).supportsSecureStorage(),
         await secureStorageServiceFactory(cache, opts),
+        await keyGenerationServiceFactory(cache, opts),
+        await encryptServiceFactory(cache, opts),
+        await logServiceFactory(cache, opts),
       ),
   );
 }
diff --git a/apps/browser/src/auth/background/service-factories/user-decryption-options-service.factory.ts b/apps/browser/src/auth/background/service-factories/user-decryption-options-service.factory.ts
new file mode 100644
index 0000000000..549639a3c7
--- /dev/null
+++ b/apps/browser/src/auth/background/service-factories/user-decryption-options-service.factory.ts
@@ -0,0 +1,46 @@
+import {
+  InternalUserDecryptionOptionsServiceAbstraction,
+  UserDecryptionOptionsService,
+  UserDecryptionOptionsServiceAbstraction,
+} from "@bitwarden/auth/common";
+
+import {
+  CachedServices,
+  factory,
+  FactoryOptions,
+} from "../../../platform/background/service-factories/factory-options";
+import {
+  stateProviderFactory,
+  StateProviderInitOptions,
+} from "../../../platform/background/service-factories/state-provider.factory";
+
+type UserDecryptionOptionsServiceFactoryOptions = FactoryOptions;
+
+export type UserDecryptionOptionsServiceInitOptions = UserDecryptionOptionsServiceFactoryOptions &
+  StateProviderInitOptions;
+
+export function userDecryptionOptionsServiceFactory(
+  cache: {
+    userDecryptionOptionsService?: InternalUserDecryptionOptionsServiceAbstraction;
+  } & CachedServices,
+  opts: UserDecryptionOptionsServiceInitOptions,
+): Promise<UserDecryptionOptionsServiceAbstraction> {
+  return factory(
+    cache,
+    "userDecryptionOptionsService",
+    opts,
+    async () => new UserDecryptionOptionsService(await stateProviderFactory(cache, opts)),
+  );
+}
+
+export async function internalUserDecryptionOptionServiceFactory(
+  cache: {
+    userDecryptionOptionsService?: InternalUserDecryptionOptionsServiceAbstraction;
+  } & CachedServices,
+  opts: UserDecryptionOptionsServiceInitOptions,
+): Promise<InternalUserDecryptionOptionsServiceAbstraction> {
+  return (await userDecryptionOptionsServiceFactory(
+    cache,
+    opts,
+  )) as InternalUserDecryptionOptionsServiceAbstraction;
+}
diff --git a/apps/browser/src/auth/background/service-factories/user-verification-service.factory.ts b/apps/browser/src/auth/background/service-factories/user-verification-service.factory.ts
index ff08ddf689..e8be9099ca 100644
--- a/apps/browser/src/auth/background/service-factories/user-verification-service.factory.ts
+++ b/apps/browser/src/auth/background/service-factories/user-verification-service.factory.ts
@@ -32,6 +32,10 @@ import {
 } from "../../../platform/background/service-factories/state-service.factory";
 
 import { PinCryptoServiceInitOptions, pinCryptoServiceFactory } from "./pin-crypto-service.factory";
+import {
+  userDecryptionOptionsServiceFactory,
+  UserDecryptionOptionsServiceInitOptions,
+} from "./user-decryption-options-service.factory";
 import {
   UserVerificationApiServiceInitOptions,
   userVerificationApiServiceFactory,
@@ -44,6 +48,7 @@ export type UserVerificationServiceInitOptions = UserVerificationServiceFactoryO
   CryptoServiceInitOptions &
   I18nServiceInitOptions &
   UserVerificationApiServiceInitOptions &
+  UserDecryptionOptionsServiceInitOptions &
   PinCryptoServiceInitOptions &
   LogServiceInitOptions &
   VaultTimeoutSettingsServiceInitOptions &
@@ -63,6 +68,7 @@ export function userVerificationServiceFactory(
         await cryptoServiceFactory(cache, opts),
         await i18nServiceFactory(cache, opts),
         await userVerificationApiServiceFactory(cache, opts),
+        await userDecryptionOptionsServiceFactory(cache, opts),
         await pinCryptoServiceFactory(cache, opts),
         await logServiceFactory(cache, opts),
         await vaultTimeoutSettingsServiceFactory(cache, opts),
diff --git a/apps/browser/src/auth/popup/account-switching/services/account-switcher.service.ts b/apps/browser/src/auth/popup/account-switching/services/account-switcher.service.ts
index cf78f2ff91..32ebee7c75 100644
--- a/apps/browser/src/auth/popup/account-switching/services/account-switcher.service.ts
+++ b/apps/browser/src/auth/popup/account-switching/services/account-switcher.service.ts
@@ -65,7 +65,7 @@ export class AccountSwitcherService {
               name: account.name ?? account.email,
               email: account.email,
               id: id,
-              server: await this.environmentService.getHost(id),
+              server: (await this.environmentService.getEnvironment(id))?.getHostname(),
               status: account.status,
               isActive: id === activeAccount?.id,
               avatarColor: await firstValueFrom(
diff --git a/apps/browser/src/auth/popup/hint.component.ts b/apps/browser/src/auth/popup/hint.component.ts
index a1f79cd457..214a43efb7 100644
--- a/apps/browser/src/auth/popup/hint.component.ts
+++ b/apps/browser/src/auth/popup/hint.component.ts
@@ -2,8 +2,8 @@ import { Component } from "@angular/core";
 import { ActivatedRoute, Router } from "@angular/router";
 
 import { HintComponent as BaseHintComponent } from "@bitwarden/angular/auth/components/hint.component";
+import { LoginEmailServiceAbstraction } from "@bitwarden/auth/common";
 import { ApiService } from "@bitwarden/common/abstractions/api.service";
-import { LoginService } from "@bitwarden/common/auth/abstractions/login.service";
 import { I18nService } from "@bitwarden/common/platform/abstractions/i18n.service";
 import { LogService } from "@bitwarden/common/platform/abstractions/log.service";
 import { PlatformUtilsService } from "@bitwarden/common/platform/abstractions/platform-utils.service";
@@ -20,9 +20,9 @@ export class HintComponent extends BaseHintComponent {
     apiService: ApiService,
     logService: LogService,
     private route: ActivatedRoute,
-    loginService: LoginService,
+    loginEmailService: LoginEmailServiceAbstraction,
   ) {
-    super(router, i18nService, apiService, platformUtilsService, logService, loginService);
+    super(router, i18nService, apiService, platformUtilsService, logService, loginEmailService);
 
     super.onSuccessfulSubmit = async () => {
       // FIXME: Verify that this floating promise is intentional. If it is, add an explanatory comment and ensure there is proper error handling.
diff --git a/apps/browser/src/auth/popup/home.component.html b/apps/browser/src/auth/popup/home.component.html
index f70a4c6d03..8e23d96c49 100644
--- a/apps/browser/src/auth/popup/home.component.html
+++ b/apps/browser/src/auth/popup/home.component.html
@@ -30,7 +30,7 @@
     </form>
     <p class="createAccountLink">
       {{ "newAroundHere" | i18n }}
-      <a routerLink="/register" (click)="setFormValues()">{{ "createAccount" | i18n }}</a>
+      <a routerLink="/register" (click)="setLoginEmailValues()">{{ "createAccount" | i18n }}</a>
     </p>
   </div>
 </div>
diff --git a/apps/browser/src/auth/popup/home.component.ts b/apps/browser/src/auth/popup/home.component.ts
index b5598f13f7..db83736be8 100644
--- a/apps/browser/src/auth/popup/home.component.ts
+++ b/apps/browser/src/auth/popup/home.component.ts
@@ -1,14 +1,13 @@
 import { Component, OnDestroy, OnInit, ViewChild } from "@angular/core";
 import { FormBuilder, Validators } from "@angular/forms";
 import { Router } from "@angular/router";
-import { Subject, takeUntil } from "rxjs";
+import { Subject, firstValueFrom, takeUntil } from "rxjs";
 
 import { EnvironmentSelectorComponent } from "@bitwarden/angular/auth/components/environment-selector.component";
-import { LoginService } from "@bitwarden/common/auth/abstractions/login.service";
+import { LoginEmailServiceAbstraction } from "@bitwarden/auth/common";
 import { EnvironmentService } from "@bitwarden/common/platform/abstractions/environment.service";
 import { I18nService } from "@bitwarden/common/platform/abstractions/i18n.service";
 import { PlatformUtilsService } from "@bitwarden/common/platform/abstractions/platform-utils.service";
-import { StateService } from "@bitwarden/common/platform/abstractions/state.service";
 
 import { AccountSwitcherService } from "./account-switching/services/account-switcher.service";
 
@@ -29,38 +28,32 @@ export class HomeComponent implements OnInit, OnDestroy {
 
   constructor(
     protected platformUtilsService: PlatformUtilsService,
-    private stateService: StateService,
     private formBuilder: FormBuilder,
     private router: Router,
     private i18nService: I18nService,
     private environmentService: EnvironmentService,
-    private loginService: LoginService,
+    private loginEmailService: LoginEmailServiceAbstraction,
     private accountSwitcherService: AccountSwitcherService,
   ) {}
 
   async ngOnInit(): Promise<void> {
-    let savedEmail = this.loginService.getEmail();
-    const rememberEmail = this.loginService.getRememberEmail();
+    const email = this.loginEmailService.getEmail();
+    const rememberEmail = this.loginEmailService.getRememberEmail();
 
-    if (savedEmail != null) {
-      this.formGroup.patchValue({
-        email: savedEmail,
-        rememberEmail: rememberEmail,
-      });
+    if (email != null) {
+      this.formGroup.patchValue({ email, rememberEmail });
     } else {
-      savedEmail = await this.stateService.getRememberedEmail();
-      if (savedEmail != null) {
-        this.formGroup.patchValue({
-          email: savedEmail,
-          rememberEmail: true,
-        });
+      const storedEmail = await firstValueFrom(this.loginEmailService.storedEmail$);
+
+      if (storedEmail != null) {
+        this.formGroup.patchValue({ email: storedEmail, rememberEmail: true });
       }
     }
 
     this.environmentSelector.onOpenSelfHostedSettings
       .pipe(takeUntil(this.destroyed$))
       .subscribe(() => {
-        this.setFormValues();
+        this.setLoginEmailValues();
         // FIXME: Verify that this floating promise is intentional. If it is, add an explanatory comment and ensure there is proper error handling.
         // eslint-disable-next-line @typescript-eslint/no-floating-promises
         this.router.navigate(["environment"]);
@@ -76,8 +69,9 @@ export class HomeComponent implements OnInit, OnDestroy {
     return this.accountSwitcherService.availableAccounts$;
   }
 
-  submit() {
+  async submit() {
     this.formGroup.markAllAsTouched();
+
     if (this.formGroup.invalid) {
       this.platformUtilsService.showToast(
         "error",
@@ -87,19 +81,12 @@ export class HomeComponent implements OnInit, OnDestroy {
       return;
     }
 
-    this.loginService.setEmail(this.formGroup.value.email);
-    this.loginService.setRememberEmail(this.formGroup.value.rememberEmail);
-    // FIXME: Verify that this floating promise is intentional. If it is, add an explanatory comment and ensure there is proper error handling.
-    // eslint-disable-next-line @typescript-eslint/no-floating-promises
-    this.router.navigate(["login"], { queryParams: { email: this.formGroup.value.email } });
+    this.setLoginEmailValues();
+    await this.router.navigate(["login"], { queryParams: { email: this.formGroup.value.email } });
   }
 
-  get selfHostedDomain() {
-    return this.environmentService.hasBaseUrl() ? this.environmentService.getWebVaultUrl() : null;
-  }
-
-  setFormValues() {
-    this.loginService.setEmail(this.formGroup.value.email);
-    this.loginService.setRememberEmail(this.formGroup.value.rememberEmail);
+  setLoginEmailValues() {
+    this.loginEmailService.setEmail(this.formGroup.value.email);
+    this.loginEmailService.setRememberEmail(this.formGroup.value.rememberEmail);
   }
 }
diff --git a/apps/browser/src/auth/popup/lock.component.ts b/apps/browser/src/auth/popup/lock.component.ts
index f2c56a23ae..f232eca45a 100644
--- a/apps/browser/src/auth/popup/lock.component.ts
+++ b/apps/browser/src/auth/popup/lock.component.ts
@@ -9,6 +9,7 @@ import { VaultTimeoutSettingsService } from "@bitwarden/common/abstractions/vaul
 import { VaultTimeoutService } from "@bitwarden/common/abstractions/vault-timeout/vault-timeout.service";
 import { PolicyApiServiceAbstraction } from "@bitwarden/common/admin-console/abstractions/policy/policy-api.service.abstraction";
 import { InternalPolicyService } from "@bitwarden/common/admin-console/abstractions/policy/policy.service.abstraction";
+import { AccountService } from "@bitwarden/common/auth/abstractions/account.service";
 import { AuthService } from "@bitwarden/common/auth/abstractions/auth.service";
 import { DeviceTrustCryptoServiceAbstraction } from "@bitwarden/common/auth/abstractions/device-trust-crypto.service.abstraction";
 import { UserVerificationService } from "@bitwarden/common/auth/abstractions/user-verification/user-verification.service.abstraction";
@@ -62,6 +63,7 @@ export class LockComponent extends BaseLockComponent {
     pinCryptoService: PinCryptoServiceAbstraction,
     private routerService: BrowserRouterService,
     biometricStateService: BiometricStateService,
+    accountService: AccountService,
   ) {
     super(
       router,
@@ -84,6 +86,7 @@ export class LockComponent extends BaseLockComponent {
       userVerificationService,
       pinCryptoService,
       biometricStateService,
+      accountService,
     );
     this.successRoute = "/tabs/current";
     this.isInitialLockScreen = (window as any).previousPopupUrl == null;
diff --git a/apps/browser/src/auth/popup/login-via-auth-request.component.ts b/apps/browser/src/auth/popup/login-via-auth-request.component.ts
index a22636389a..52f311ce7b 100644
--- a/apps/browser/src/auth/popup/login-via-auth-request.component.ts
+++ b/apps/browser/src/auth/popup/login-via-auth-request.component.ts
@@ -1,17 +1,18 @@
 import { Location } from "@angular/common";
-import { Component, OnDestroy, OnInit } from "@angular/core";
+import { Component } from "@angular/core";
 import { Router } from "@angular/router";
 
 import { LoginViaAuthRequestComponent as BaseLoginWithDeviceComponent } from "@bitwarden/angular/auth/components/login-via-auth-request.component";
 import {
   AuthRequestServiceAbstraction,
   LoginStrategyServiceAbstraction,
+  LoginEmailServiceAbstraction,
 } from "@bitwarden/auth/common";
 import { ApiService } from "@bitwarden/common/abstractions/api.service";
+import { AccountService } from "@bitwarden/common/auth/abstractions/account.service";
 import { AnonymousHubService } from "@bitwarden/common/auth/abstractions/anonymous-hub.service";
 import { AuthService } from "@bitwarden/common/auth/abstractions/auth.service";
 import { DeviceTrustCryptoServiceAbstraction } from "@bitwarden/common/auth/abstractions/device-trust-crypto.service.abstraction";
-import { LoginService } from "@bitwarden/common/auth/abstractions/login.service";
 import { AppIdService } from "@bitwarden/common/platform/abstractions/app-id.service";
 import { CryptoFunctionService } from "@bitwarden/common/platform/abstractions/crypto-function.service";
 import { CryptoService } from "@bitwarden/common/platform/abstractions/crypto.service";
@@ -28,10 +29,7 @@ import { SyncService } from "@bitwarden/common/vault/abstractions/sync/sync.serv
   selector: "app-login-via-auth-request",
   templateUrl: "login-via-auth-request.component.html",
 })
-export class LoginViaAuthRequestComponent
-  extends BaseLoginWithDeviceComponent
-  implements OnInit, OnDestroy
-{
+export class LoginViaAuthRequestComponent extends BaseLoginWithDeviceComponent {
   constructor(
     router: Router,
     cryptoService: CryptoService,
@@ -47,11 +45,12 @@ export class LoginViaAuthRequestComponent
     anonymousHubService: AnonymousHubService,
     validationService: ValidationService,
     stateService: StateService,
-    loginService: LoginService,
+    loginEmailService: LoginEmailServiceAbstraction,
     syncService: SyncService,
     deviceTrustCryptoService: DeviceTrustCryptoServiceAbstraction,
     authRequestService: AuthRequestServiceAbstraction,
     loginStrategyService: LoginStrategyServiceAbstraction,
+    accountService: AccountService,
     private location: Location,
   ) {
     super(
@@ -69,10 +68,11 @@ export class LoginViaAuthRequestComponent
       anonymousHubService,
       validationService,
       stateService,
-      loginService,
+      loginEmailService,
       deviceTrustCryptoService,
       authRequestService,
       loginStrategyService,
+      accountService,
     );
     super.onSuccessfulLogin = async () => {
       await syncService.fullSync(true);
diff --git a/apps/browser/src/auth/popup/login.component.html b/apps/browser/src/auth/popup/login.component.html
index f6ebb747f7..b24a25a0f1 100644
--- a/apps/browser/src/auth/popup/login.component.html
+++ b/apps/browser/src/auth/popup/login.component.html
@@ -52,7 +52,7 @@
         </div>
       </div>
       <div class="box-footer">
-        <button type="button" class="btn link" routerLink="/hint" (click)="setFormValues()">
+        <button type="button" class="btn link" routerLink="/hint" (click)="setLoginEmailValues()">
           <b>{{ "getMasterPasswordHint" | i18n }}</b>
         </button>
       </div>
diff --git a/apps/browser/src/auth/popup/login.component.ts b/apps/browser/src/auth/popup/login.component.ts
index c1dd952658..ff0ee8a392 100644
--- a/apps/browser/src/auth/popup/login.component.ts
+++ b/apps/browser/src/auth/popup/login.component.ts
@@ -1,12 +1,15 @@
 import { Component, NgZone } from "@angular/core";
 import { FormBuilder } from "@angular/forms";
 import { ActivatedRoute, Router } from "@angular/router";
+import { firstValueFrom } from "rxjs";
 
 import { LoginComponent as BaseLoginComponent } from "@bitwarden/angular/auth/components/login.component";
 import { FormValidationErrorsService } from "@bitwarden/angular/platform/abstractions/form-validation-errors.service";
-import { LoginStrategyServiceAbstraction } from "@bitwarden/auth/common";
+import {
+  LoginStrategyServiceAbstraction,
+  LoginEmailServiceAbstraction,
+} from "@bitwarden/auth/common";
 import { DevicesApiServiceAbstraction } from "@bitwarden/common/auth/abstractions/devices-api.service.abstraction";
-import { LoginService } from "@bitwarden/common/auth/abstractions/login.service";
 import { SsoLoginServiceAbstraction } from "@bitwarden/common/auth/abstractions/sso-login.service.abstraction";
 import { WebAuthnLoginServiceAbstraction } from "@bitwarden/common/auth/abstractions/webauthn/webauthn-login.service.abstraction";
 import { AppIdService } from "@bitwarden/common/platform/abstractions/app-id.service";
@@ -45,7 +48,7 @@ export class LoginComponent extends BaseLoginComponent {
     formBuilder: FormBuilder,
     formValidationErrorService: FormValidationErrorsService,
     route: ActivatedRoute,
-    loginService: LoginService,
+    loginEmailService: LoginEmailServiceAbstraction,
     ssoLoginService: SsoLoginServiceAbstraction,
     webAuthnLoginService: WebAuthnLoginServiceAbstraction,
   ) {
@@ -65,7 +68,7 @@ export class LoginComponent extends BaseLoginComponent {
       formBuilder,
       formValidationErrorService,
       route,
-      loginService,
+      loginEmailService,
       ssoLoginService,
       webAuthnLoginService,
     );
@@ -76,8 +79,8 @@ export class LoginComponent extends BaseLoginComponent {
     this.showPasswordless = flagEnabled("showPasswordless");
 
     if (this.showPasswordless) {
-      this.formGroup.controls.email.setValue(this.loginService.getEmail());
-      this.formGroup.controls.rememberEmail.setValue(this.loginService.getRememberEmail());
+      this.formGroup.controls.email.setValue(this.loginEmailService.getEmail());
+      this.formGroup.controls.rememberEmail.setValue(this.loginEmailService.getRememberEmail());
       // FIXME: Verify that this floating promise is intentional. If it is, add an explanatory comment and ensure there is proper error handling.
       // eslint-disable-next-line @typescript-eslint/no-floating-promises
       this.validateEmail();
@@ -93,7 +96,7 @@ export class LoginComponent extends BaseLoginComponent {
   async launchSsoBrowser() {
     // Save off email for SSO
     await this.ssoLoginService.setSsoEmail(this.formGroup.value.email);
-    await this.loginService.saveEmailSettings();
+    await this.loginEmailService.saveEmailSettings();
     // Generate necessary sso params
     const passwordOptions: any = {
       type: "password",
@@ -114,7 +117,8 @@ export class LoginComponent extends BaseLoginComponent {
     await this.ssoLoginService.setCodeVerifier(codeVerifier);
     await this.ssoLoginService.setSsoState(state);
 
-    let url = this.environmentService.getWebVaultUrl();
+    const env = await firstValueFrom(this.environmentService.environment$);
+    let url = env.getWebVaultUrl();
     if (url == null) {
       url = "https://vault.bitwarden.com";
     }
diff --git a/apps/browser/src/auth/popup/services/unauth-guard.service.ts b/apps/browser/src/auth/popup/services/unauth-guard.service.ts
index 062239a7d3..0fbb4ac9ba 100644
--- a/apps/browser/src/auth/popup/services/unauth-guard.service.ts
+++ b/apps/browser/src/auth/popup/services/unauth-guard.service.ts
@@ -1,8 +1,5 @@
-import { Injectable } from "@angular/core";
-
 import { UnauthGuard as BaseUnauthGuardService } from "@bitwarden/angular/auth/guards";
 
-@Injectable()
 export class UnauthGuardService extends BaseUnauthGuardService {
   protected homepage = "tabs/current";
 }
diff --git a/apps/browser/src/auth/popup/set-password.component.ts b/apps/browser/src/auth/popup/set-password.component.ts
index ac98966b4a..ea1cacc7ac 100644
--- a/apps/browser/src/auth/popup/set-password.component.ts
+++ b/apps/browser/src/auth/popup/set-password.component.ts
@@ -2,6 +2,7 @@ import { Component } from "@angular/core";
 import { ActivatedRoute, Router } from "@angular/router";
 
 import { SetPasswordComponent as BaseSetPasswordComponent } from "@bitwarden/angular/auth/components/set-password.component";
+import { InternalUserDecryptionOptionsServiceAbstraction } from "@bitwarden/auth/common";
 import { ApiService } from "@bitwarden/common/abstractions/api.service";
 import { OrganizationApiServiceAbstraction } from "@bitwarden/common/admin-console/abstractions/organization/organization-api.service.abstraction";
 import { OrganizationUserService } from "@bitwarden/common/admin-console/abstractions/organization-user/organization-user.service";
@@ -37,6 +38,7 @@ export class SetPasswordComponent extends BaseSetPasswordComponent {
     route: ActivatedRoute,
     organizationApiService: OrganizationApiServiceAbstraction,
     organizationUserService: OrganizationUserService,
+    userDecryptionOptionsService: InternalUserDecryptionOptionsServiceAbstraction,
     ssoLoginService: SsoLoginServiceAbstraction,
     dialogService: DialogService,
   ) {
@@ -55,6 +57,7 @@ export class SetPasswordComponent extends BaseSetPasswordComponent {
       stateService,
       organizationApiService,
       organizationUserService,
+      userDecryptionOptionsService,
       ssoLoginService,
       dialogService,
     );
diff --git a/apps/browser/src/auth/popup/sso.component.ts b/apps/browser/src/auth/popup/sso.component.ts
index 19d7977819..228c7401fd 100644
--- a/apps/browser/src/auth/popup/sso.component.ts
+++ b/apps/browser/src/auth/popup/sso.component.ts
@@ -1,14 +1,18 @@
 import { Component, Inject } from "@angular/core";
+import { takeUntilDestroyed } from "@angular/core/rxjs-interop";
 import { ActivatedRoute, Router } from "@angular/router";
 
 import { SsoComponent as BaseSsoComponent } from "@bitwarden/angular/auth/components/sso.component";
 import { WINDOW } from "@bitwarden/angular/services/injection-tokens";
-import { LoginStrategyServiceAbstraction } from "@bitwarden/auth/common";
+import {
+  LoginStrategyServiceAbstraction,
+  UserDecryptionOptionsServiceAbstraction,
+} from "@bitwarden/auth/common";
 import { ApiService } from "@bitwarden/common/abstractions/api.service";
 import { AuthService } from "@bitwarden/common/auth/abstractions/auth.service";
 import { SsoLoginServiceAbstraction } from "@bitwarden/common/auth/abstractions/sso-login.service.abstraction";
 import { AuthenticationStatus } from "@bitwarden/common/auth/enums/authentication-status";
-import { ConfigServiceAbstraction } from "@bitwarden/common/platform/abstractions/config/config.service.abstraction";
+import { ConfigService } from "@bitwarden/common/platform/abstractions/config/config.service";
 import { CryptoFunctionService } from "@bitwarden/common/platform/abstractions/crypto-function.service";
 import { EnvironmentService } from "@bitwarden/common/platform/abstractions/environment.service";
 import { I18nService } from "@bitwarden/common/platform/abstractions/i18n.service";
@@ -39,7 +43,8 @@ export class SsoComponent extends BaseSsoComponent {
     syncService: SyncService,
     environmentService: EnvironmentService,
     logService: LogService,
-    configService: ConfigServiceAbstraction,
+    userDecryptionOptionsService: UserDecryptionOptionsServiceAbstraction,
+    configService: ConfigService,
     protected authService: AuthService,
     @Inject(WINDOW) private win: Window,
   ) {
@@ -56,12 +61,13 @@ export class SsoComponent extends BaseSsoComponent {
       environmentService,
       passwordGenerationService,
       logService,
+      userDecryptionOptionsService,
       configService,
     );
 
-    const url = this.environmentService.getWebVaultUrl();
-
-    this.redirectUri = url + "/sso-connector.html";
+    environmentService.environment$.pipe(takeUntilDestroyed()).subscribe((env) => {
+      this.redirectUri = env.getWebVaultUrl() + "/sso-connector.html";
+    });
     this.clientId = "browser";
 
     super.onSuccessfulLogin = async () => {
diff --git a/apps/browser/src/auth/popup/two-factor.component.ts b/apps/browser/src/auth/popup/two-factor.component.ts
index e511122f9a..dd541f63f8 100644
--- a/apps/browser/src/auth/popup/two-factor.component.ts
+++ b/apps/browser/src/auth/popup/two-factor.component.ts
@@ -1,19 +1,22 @@
 import { Component, Inject } from "@angular/core";
 import { ActivatedRoute, Router } from "@angular/router";
-import { Subject, Subscription } from "rxjs";
+import { Subject, Subscription, firstValueFrom } from "rxjs";
 import { filter, first, takeUntil } from "rxjs/operators";
 
 import { TwoFactorComponent as BaseTwoFactorComponent } from "@bitwarden/angular/auth/components/two-factor.component";
 import { WINDOW } from "@bitwarden/angular/services/injection-tokens";
-import { LoginStrategyServiceAbstraction } from "@bitwarden/auth/common";
+import {
+  LoginStrategyServiceAbstraction,
+  LoginEmailServiceAbstraction,
+  UserDecryptionOptionsServiceAbstraction,
+} from "@bitwarden/auth/common";
 import { ApiService } from "@bitwarden/common/abstractions/api.service";
-import { LoginService } from "@bitwarden/common/auth/abstractions/login.service";
 import { SsoLoginServiceAbstraction } from "@bitwarden/common/auth/abstractions/sso-login.service.abstraction";
 import { TwoFactorService } from "@bitwarden/common/auth/abstractions/two-factor.service";
 import { TwoFactorProviderType } from "@bitwarden/common/auth/enums/two-factor-provider-type";
 import { AppIdService } from "@bitwarden/common/platform/abstractions/app-id.service";
 import { BroadcasterService } from "@bitwarden/common/platform/abstractions/broadcaster.service";
-import { ConfigServiceAbstraction } from "@bitwarden/common/platform/abstractions/config/config.service.abstraction";
+import { ConfigService } from "@bitwarden/common/platform/abstractions/config/config.service";
 import { EnvironmentService } from "@bitwarden/common/platform/abstractions/environment.service";
 import { I18nService } from "@bitwarden/common/platform/abstractions/i18n.service";
 import { LogService } from "@bitwarden/common/platform/abstractions/log.service";
@@ -54,8 +57,9 @@ export class TwoFactorComponent extends BaseTwoFactorComponent {
     logService: LogService,
     twoFactorService: TwoFactorService,
     appIdService: AppIdService,
-    loginService: LoginService,
-    configService: ConfigServiceAbstraction,
+    loginEmailService: LoginEmailServiceAbstraction,
+    userDecryptionOptionsService: UserDecryptionOptionsServiceAbstraction,
+    configService: ConfigService,
     ssoLoginService: SsoLoginServiceAbstraction,
     private dialogService: DialogService,
     @Inject(WINDOW) protected win: Window,
@@ -74,7 +78,8 @@ export class TwoFactorComponent extends BaseTwoFactorComponent {
       logService,
       twoFactorService,
       appIdService,
-      loginService,
+      loginEmailService,
+      userDecryptionOptionsService,
       ssoLoginService,
       configService,
     );
@@ -220,7 +225,7 @@ export class TwoFactorComponent extends BaseTwoFactorComponent {
     }
   }
 
-  override launchDuoFrameless() {
+  override async launchDuoFrameless() {
     const duoHandOffMessage = {
       title: this.i18nService.t("youSuccessfullyLoggedIn"),
       message: this.i18nService.t("youMayCloseThisWindow"),
@@ -229,8 +234,9 @@ export class TwoFactorComponent extends BaseTwoFactorComponent {
 
     // we're using the connector here as a way to set a cookie with translations
     // before continuing to the duo frameless url
+    const env = await firstValueFrom(this.environmentService.environment$);
     const launchUrl =
-      this.environmentService.getWebVaultUrl() +
+      env.getWebVaultUrl() +
       "/duo-redirect-connector.html" +
       "?duoFramelessUrl=" +
       encodeURIComponent(this.duoFramelessUrl) +
diff --git a/apps/browser/src/autofill/background/abstractions/notification.background.ts b/apps/browser/src/autofill/background/abstractions/notification.background.ts
index ab704a1d37..ac40bb315b 100644
--- a/apps/browser/src/autofill/background/abstractions/notification.background.ts
+++ b/apps/browser/src/autofill/background/abstractions/notification.background.ts
@@ -113,7 +113,7 @@ type NotificationBackgroundExtensionMessageHandlers = {
   bgGetEnableChangedPasswordPrompt: () => Promise<boolean>;
   bgGetEnableAddedLoginPrompt: () => Promise<boolean>;
   bgGetExcludedDomains: () => Promise<NeverDomains>;
-  getWebVaultUrlForNotification: () => string;
+  getWebVaultUrlForNotification: () => Promise<string>;
 };
 
 export {
diff --git a/apps/browser/src/autofill/background/notification.background.spec.ts b/apps/browser/src/autofill/background/notification.background.spec.ts
index 0674958d65..e242e0961b 100644
--- a/apps/browser/src/autofill/background/notification.background.spec.ts
+++ b/apps/browser/src/autofill/background/notification.background.spec.ts
@@ -1,13 +1,14 @@
 import { mock } from "jest-mock-extended";
-import { firstValueFrom } from "rxjs";
+import { BehaviorSubject, firstValueFrom } from "rxjs";
 
 import { PolicyService } from "@bitwarden/common/admin-console/services/policy/policy.service";
 import { AuthenticationStatus } from "@bitwarden/common/auth/enums/authentication-status";
 import { AuthService } from "@bitwarden/common/auth/services/auth.service";
 import { DomainSettingsService } from "@bitwarden/common/autofill/services/domain-settings.service";
 import { UserNotificationSettingsService } from "@bitwarden/common/autofill/services/user-notification-settings.service";
+import { EnvironmentService } from "@bitwarden/common/platform/abstractions/environment.service";
 import { LogService } from "@bitwarden/common/platform/abstractions/log.service";
-import { EnvironmentService } from "@bitwarden/common/platform/services/environment.service";
+import { SelfHostedEnvironment } from "@bitwarden/common/platform/services/default-environment.service";
 import { ThemeStateService } from "@bitwarden/common/platform/theming/theme-state.service";
 import { CipherView } from "@bitwarden/common/vault/models/view/cipher.view";
 import { FolderView } from "@bitwarden/common/vault/models/view/folder.view";
@@ -1348,16 +1349,21 @@ describe("NotificationBackground", () => {
         const message: NotificationBackgroundExtensionMessage = {
           command: "getWebVaultUrlForNotification",
         };
-        const webVaultUrl = "https://example.com";
+        const env = new SelfHostedEnvironment({ webVault: "https://example.com" });
+
+        Object.defineProperty(environmentService, "environment$", {
+          configurable: true,
+          get: () => null,
+        });
+
         const environmentServiceSpy = jest
-          .spyOn(environmentService, "getWebVaultUrl")
-          .mockReturnValueOnce(webVaultUrl);
+          .spyOn(environmentService as any, "environment$", "get")
+          .mockReturnValue(new BehaviorSubject(env).asObservable());
 
         sendExtensionRuntimeMessage(message);
         await flushPromises();
 
         expect(environmentServiceSpy).toHaveBeenCalled();
-        expect(environmentServiceSpy).toHaveReturnedWith(webVaultUrl);
       });
     });
   });
diff --git a/apps/browser/src/autofill/background/notification.background.ts b/apps/browser/src/autofill/background/notification.background.ts
index bdf2c9b8ba..1fe3dd4f60 100644
--- a/apps/browser/src/autofill/background/notification.background.ts
+++ b/apps/browser/src/autofill/background/notification.background.ts
@@ -165,6 +165,7 @@ export default class NotificationBackground {
     notificationQueueMessage: NotificationQueueMessageItem,
   ) {
     const notificationType = notificationQueueMessage.type;
+
     const typeData: Record<string, any> = {
       isVaultLocked: notificationQueueMessage.wasVaultLocked,
       theme: await firstValueFrom(this.themeStateService.selectedTheme$),
@@ -655,8 +656,9 @@ export default class NotificationBackground {
     return await firstValueFrom(this.folderService.folderViews$);
   }
 
-  private getWebVaultUrl(): string {
-    return this.environmentService.getWebVaultUrl();
+  private async getWebVaultUrl(): Promise<string> {
+    const env = await firstValueFrom(this.environmentService.environment$);
+    return env.getWebVaultUrl();
   }
 
   private async removeIndividualVault(): Promise<boolean> {
diff --git a/apps/browser/src/autofill/background/overlay.background.spec.ts b/apps/browser/src/autofill/background/overlay.background.spec.ts
index d7156f4272..4a80fd0fa8 100644
--- a/apps/browser/src/autofill/background/overlay.background.spec.ts
+++ b/apps/browser/src/autofill/background/overlay.background.spec.ts
@@ -1,5 +1,5 @@
 import { mock, mockReset } from "jest-mock-extended";
-import { of } from "rxjs";
+import { BehaviorSubject, of } from "rxjs";
 
 import { AuthenticationStatus } from "@bitwarden/common/auth/enums/authentication-status";
 import { AuthService } from "@bitwarden/common/auth/services/auth.service";
@@ -12,9 +12,13 @@ import {
   DefaultDomainSettingsService,
   DomainSettingsService,
 } from "@bitwarden/common/autofill/services/domain-settings.service";
+import {
+  EnvironmentService,
+  Region,
+} from "@bitwarden/common/platform/abstractions/environment.service";
 import { ThemeType } from "@bitwarden/common/platform/enums";
 import { Utils } from "@bitwarden/common/platform/misc/utils";
-import { EnvironmentService } from "@bitwarden/common/platform/services/environment.service";
+import { CloudEnvironment } from "@bitwarden/common/platform/services/default-environment.service";
 import { I18nService } from "@bitwarden/common/platform/services/i18n.service";
 import { ThemeStateService } from "@bitwarden/common/platform/theming/theme-state.service";
 import {
@@ -48,8 +52,6 @@ import {
 
 import OverlayBackground from "./overlay.background";
 
-const iconServerUrl = "https://icons.bitwarden.com/";
-
 describe("OverlayBackground", () => {
   const mockUserId = Utils.newGuid() as UserId;
   const accountService: FakeAccountService = mockAccountServiceWith(mockUserId);
@@ -61,9 +63,15 @@ describe("OverlayBackground", () => {
   const cipherService = mock<CipherService>();
   const autofillService = mock<AutofillService>();
   const authService = mock<AuthService>();
-  const environmentService = mock<EnvironmentService>({
-    getIconsUrl: () => iconServerUrl,
-  });
+
+  const environmentService = mock<EnvironmentService>();
+  environmentService.environment$ = new BehaviorSubject(
+    new CloudEnvironment({
+      key: Region.US,
+      domain: "bitwarden.com",
+      urls: { icons: "https://icons.bitwarden.com/" },
+    }),
+  );
   const stateService = mock<BrowserStateService>();
   const autofillSettingsService = mock<AutofillSettingsService>();
   const i18nService = mock<I18nService>();
@@ -117,7 +125,8 @@ describe("OverlayBackground", () => {
   describe("removePageDetails", () => {
     it("removes the page details for a specific tab from the pageDetailsForTab object", () => {
       const tabId = 1;
-      overlayBackground["pageDetailsForTab"][tabId] = [createPageDetailMock()];
+      const frameId = 2;
+      overlayBackground["pageDetailsForTab"][tabId] = new Map([[frameId, createPageDetailMock()]]);
       overlayBackground.removePageDetails(tabId);
 
       expect(overlayBackground["pageDetailsForTab"][tabId]).toBeUndefined();
@@ -856,29 +865,40 @@ describe("OverlayBackground", () => {
             sender,
           );
 
-          expect(overlayBackground["pageDetailsForTab"][sender.tab.id]).toStrictEqual([
-            { frameId: sender.frameId, tab: sender.tab, details: pageDetails1 },
-          ]);
+          expect(overlayBackground["pageDetailsForTab"][sender.tab.id]).toStrictEqual(
+            new Map([
+              [sender.frameId, { frameId: sender.frameId, tab: sender.tab, details: pageDetails1 }],
+            ]),
+          );
         });
 
         it("updates the page details for a tab that already has a set of page details stored ", () => {
-          overlayBackground["pageDetailsForTab"][sender.tab.id] = [
-            {
-              frameId: sender.frameId,
-              tab: sender.tab,
-              details: pageDetails1,
-            },
-          ];
+          const secondFrameSender = mock<chrome.runtime.MessageSender>({
+            tab: { id: 1 },
+            frameId: 3,
+          });
+          overlayBackground["pageDetailsForTab"][sender.tab.id] = new Map([
+            [sender.frameId, { frameId: sender.frameId, tab: sender.tab, details: pageDetails1 }],
+          ]);
 
           sendExtensionRuntimeMessage(
             { command: "collectPageDetailsResponse", details: pageDetails2 },
-            sender,
+            secondFrameSender,
           );
 
-          expect(overlayBackground["pageDetailsForTab"][sender.tab.id]).toStrictEqual([
-            { frameId: sender.frameId, tab: sender.tab, details: pageDetails1 },
-            { frameId: sender.frameId, tab: sender.tab, details: pageDetails2 },
-          ]);
+          expect(overlayBackground["pageDetailsForTab"][sender.tab.id]).toStrictEqual(
+            new Map([
+              [sender.frameId, { frameId: sender.frameId, tab: sender.tab, details: pageDetails1 }],
+              [
+                secondFrameSender.frameId,
+                {
+                  frameId: secondFrameSender.frameId,
+                  tab: secondFrameSender.tab,
+                  details: pageDetails2,
+                },
+              ],
+            ]),
+          );
         });
       });
 
@@ -1188,6 +1208,10 @@ describe("OverlayBackground", () => {
         let getLoginCiphersSpy: jest.SpyInstance;
         let isPasswordRepromptRequiredSpy: jest.SpyInstance;
         let doAutoFillSpy: jest.SpyInstance;
+        let sender: chrome.runtime.MessageSender;
+        const pageDetails = createAutofillPageDetailsMock({
+          login: { username: "username1", password: "password1" },
+        });
 
         beforeEach(() => {
           getLoginCiphersSpy = jest.spyOn(overlayBackground["overlayLoginCiphers"], "get");
@@ -1196,6 +1220,7 @@ describe("OverlayBackground", () => {
             "isPasswordRepromptRequired",
           );
           doAutoFillSpy = jest.spyOn(overlayBackground["autofillService"], "doAutoFill");
+          sender = mock<chrome.runtime.MessageSender>({ tab: { id: 1 } });
         });
 
         it("ignores the fill request if the overlay cipher id is not provided", async () => {
@@ -1207,12 +1232,27 @@ describe("OverlayBackground", () => {
           expect(doAutoFillSpy).not.toHaveBeenCalled();
         });
 
+        it("ignores the fill request if the tab does not contain any identified page details", async () => {
+          sendPortMessage(listPortSpy, {
+            command: "fillSelectedListItem",
+            overlayCipherId: "overlay-cipher-1",
+          });
+          await flushPromises();
+
+          expect(getLoginCiphersSpy).not.toHaveBeenCalled();
+          expect(isPasswordRepromptRequiredSpy).not.toHaveBeenCalled();
+          expect(doAutoFillSpy).not.toHaveBeenCalled();
+        });
+
         it("ignores the fill request if a master password reprompt is required", async () => {
           const cipher = mock<CipherView>({
             reprompt: CipherRepromptType.Password,
             type: CipherType.Login,
           });
           overlayBackground["overlayLoginCiphers"] = new Map([["overlay-cipher-1", cipher]]);
+          overlayBackground["pageDetailsForTab"][sender.tab.id] = new Map([
+            [sender.frameId, { frameId: sender.frameId, tab: sender.tab, details: pageDetails }],
+          ]);
           getLoginCiphersSpy = jest.spyOn(overlayBackground["overlayLoginCiphers"], "get");
           isPasswordRepromptRequiredSpy.mockResolvedValue(true);
 
@@ -1239,6 +1279,14 @@ describe("OverlayBackground", () => {
             ["overlay-cipher-2", cipher2],
             ["overlay-cipher-3", cipher3],
           ]);
+          const pageDetailsForTab = {
+            frameId: sender.frameId,
+            tab: sender.tab,
+            details: pageDetails,
+          };
+          overlayBackground["pageDetailsForTab"][sender.tab.id] = new Map([
+            [sender.frameId, pageDetailsForTab],
+          ]);
           isPasswordRepromptRequiredSpy.mockResolvedValue(false);
 
           sendPortMessage(listPortSpy, {
@@ -1254,7 +1302,7 @@ describe("OverlayBackground", () => {
           expect(doAutoFillSpy).toHaveBeenCalledWith({
             tab: listPortSpy.sender.tab,
             cipher: cipher2,
-            pageDetails: undefined,
+            pageDetails: [pageDetailsForTab],
             fillNewPassword: true,
             allowTotpAutofill: true,
           });
@@ -1270,6 +1318,9 @@ describe("OverlayBackground", () => {
         it("copies the cipher's totp code to the clipboard after filling", async () => {
           const cipher1 = mock<CipherView>({ id: "overlay-cipher-1" });
           overlayBackground["overlayLoginCiphers"] = new Map([["overlay-cipher-1", cipher1]]);
+          overlayBackground["pageDetailsForTab"][sender.tab.id] = new Map([
+            [sender.frameId, { frameId: sender.frameId, tab: sender.tab, details: pageDetails }],
+          ]);
           isPasswordRepromptRequiredSpy.mockResolvedValue(false);
           const copyToClipboardSpy = jest
             .spyOn(overlayBackground["platformUtilsService"], "copyToClipboard")
diff --git a/apps/browser/src/autofill/background/overlay.background.ts b/apps/browser/src/autofill/background/overlay.background.ts
index 297fee3592..d8b3df9fb2 100644
--- a/apps/browser/src/autofill/background/overlay.background.ts
+++ b/apps/browser/src/autofill/background/overlay.background.ts
@@ -47,13 +47,16 @@ class OverlayBackground implements OverlayBackgroundInterface {
   private readonly openViewVaultItemPopout = openViewVaultItemPopout;
   private readonly openAddEditVaultItemPopout = openAddEditVaultItemPopout;
   private overlayLoginCiphers: Map<string, CipherView> = new Map();
-  private pageDetailsForTab: Record<number, PageDetail[]> = {};
+  private pageDetailsForTab: Record<
+    chrome.runtime.MessageSender["tab"]["id"],
+    Map<chrome.runtime.MessageSender["frameId"], PageDetail>
+  > = {};
   private userAuthStatus: AuthenticationStatus = AuthenticationStatus.LoggedOut;
   private overlayButtonPort: chrome.runtime.Port;
   private overlayListPort: chrome.runtime.Port;
   private focusedFieldData: FocusedFieldData;
   private overlayPageTranslations: Record<string, string>;
-  private readonly iconsServerUrl: string;
+  private iconsServerUrl: string;
   private readonly extensionMessageHandlers: OverlayBackgroundExtensionMessageHandlers = {
     openAutofillOverlay: () => this.openOverlay(false),
     autofillOverlayElementClosed: ({ message }) => this.overlayElementClosed(message),
@@ -98,9 +101,7 @@ class OverlayBackground implements OverlayBackgroundInterface {
     private i18nService: I18nService,
     private platformUtilsService: PlatformUtilsService,
     private themeStateService: ThemeStateService,
-  ) {
-    this.iconsServerUrl = this.environmentService.getIconsUrl();
-  }
+  ) {}
 
   /**
    * Removes cached page details for a tab
@@ -109,6 +110,11 @@ class OverlayBackground implements OverlayBackgroundInterface {
    * @param tabId - Used to reference the page details of a specific tab
    */
   removePageDetails(tabId: number) {
+    if (!this.pageDetailsForTab[tabId]) {
+      return;
+    }
+
+    this.pageDetailsForTab[tabId].clear();
     delete this.pageDetailsForTab[tabId];
   }
 
@@ -118,6 +124,8 @@ class OverlayBackground implements OverlayBackgroundInterface {
    */
   async init() {
     this.setupExtensionMessageListeners();
+    const env = await firstValueFrom(this.environmentService.environment$);
+    this.iconsServerUrl = env.getIconsUrl();
     await this.getOverlayVisibility();
     await this.getAuthStatus();
   }
@@ -203,12 +211,13 @@ class OverlayBackground implements OverlayBackgroundInterface {
       details: message.details,
     };
 
-    if (this.pageDetailsForTab[sender.tab.id]?.length) {
-      this.pageDetailsForTab[sender.tab.id].push(pageDetails);
+    const pageDetailsMap = this.pageDetailsForTab[sender.tab.id];
+    if (!pageDetailsMap) {
+      this.pageDetailsForTab[sender.tab.id] = new Map([[sender.frameId, pageDetails]]);
       return;
     }
 
-    this.pageDetailsForTab[sender.tab.id] = [pageDetails];
+    pageDetailsMap.set(sender.frameId, pageDetails);
   }
 
   /**
@@ -222,7 +231,8 @@ class OverlayBackground implements OverlayBackgroundInterface {
     { overlayCipherId }: OverlayPortMessage,
     { sender }: chrome.runtime.Port,
   ) {
-    if (!overlayCipherId) {
+    const pageDetails = this.pageDetailsForTab[sender.tab.id];
+    if (!overlayCipherId || !pageDetails?.size) {
       return;
     }
 
@@ -234,7 +244,7 @@ class OverlayBackground implements OverlayBackgroundInterface {
     const totpCode = await this.autofillService.doAutoFill({
       tab: sender.tab,
       cipher: cipher,
-      pageDetails: this.pageDetailsForTab[sender.tab.id],
+      pageDetails: Array.from(pageDetails.values()),
       fillNewPassword: true,
       allowTotpAutofill: true,
     });
diff --git a/apps/browser/src/autofill/background/web-request.background.ts b/apps/browser/src/autofill/background/web-request.background.ts
index f4422e6d7f..8cdfa0f027 100644
--- a/apps/browser/src/autofill/background/web-request.background.ts
+++ b/apps/browser/src/autofill/background/web-request.background.ts
@@ -17,7 +17,7 @@ export default class WebRequestBackground {
     private authService: AuthService,
   ) {
     if (BrowserApi.isManifestVersion(2)) {
-      this.webRequest = (window as any).chrome.webRequest;
+      this.webRequest = chrome.webRequest;
     }
     this.isFirefox = platformUtilsService.isFirefox();
   }
diff --git a/apps/browser/src/autofill/browser/context-menu-clicked-handler.ts b/apps/browser/src/autofill/browser/context-menu-clicked-handler.ts
index 760b833044..596d6b7235 100644
--- a/apps/browser/src/autofill/browser/context-menu-clicked-handler.ts
+++ b/apps/browser/src/autofill/browser/context-menu-clicked-handler.ts
@@ -30,6 +30,7 @@ import {
   authServiceFactory,
   AuthServiceInitOptions,
 } from "../../auth/background/service-factories/auth-service.factory";
+import { KeyConnectorServiceInitOptions } from "../../auth/background/service-factories/key-connector-service.factory";
 import { userVerificationServiceFactory } from "../../auth/background/service-factories/user-verification-service.factory";
 import { openUnlockPopout } from "../../auth/popup/utils/auth-popout-window";
 import { autofillSettingsServiceFactory } from "../../autofill/background/service_factories/autofill-settings-service.factory";
@@ -78,7 +79,9 @@ export class ContextMenuClickedHandler {
 
   static async mv3Create(cachedServices: CachedServices) {
     const stateFactory = new StateFactory(GlobalState, Account);
-    const serviceOptions: AuthServiceInitOptions & CipherServiceInitOptions = {
+    const serviceOptions: AuthServiceInitOptions &
+      CipherServiceInitOptions &
+      KeyConnectorServiceInitOptions = {
       apiServiceOptions: {
         logoutCallback: NOT_IMPLEMENTED,
       },
diff --git a/apps/browser/src/autofill/content/autofill-init.spec.ts b/apps/browser/src/autofill/content/autofill-init.spec.ts
index 8912a8c0ba..b299ddccbf 100644
--- a/apps/browser/src/autofill/content/autofill-init.spec.ts
+++ b/apps/browser/src/autofill/content/autofill-init.spec.ts
@@ -24,6 +24,7 @@ describe("AutofillInit", () => {
       },
     });
     autofillInit = new AutofillInit(autofillOverlayContentService);
+    window.IntersectionObserver = jest.fn(() => mock<IntersectionObserver>());
   });
 
   afterEach(() => {
diff --git a/apps/browser/src/autofill/content/autofiller.ts b/apps/browser/src/autofill/content/autofiller.ts
index 5f43023d8b..0ca9d37187 100644
--- a/apps/browser/src/autofill/content/autofiller.ts
+++ b/apps/browser/src/autofill/content/autofiller.ts
@@ -10,7 +10,7 @@ function loadAutofiller() {
   let pageHref: string = null;
   let filledThisHref = false;
   let delayFillTimeout: number;
-  let doFillInterval: NodeJS.Timeout;
+  let doFillInterval: number | NodeJS.Timeout;
   const handleExtensionDisconnect = () => {
     clearDoFillInterval();
     clearDelayFillTimeout();
diff --git a/apps/browser/src/autofill/notification/bar.ts b/apps/browser/src/autofill/notification/bar.ts
index 5d28bf8397..a730ee1eba 100644
--- a/apps/browser/src/autofill/notification/bar.ts
+++ b/apps/browser/src/autofill/notification/bar.ts
@@ -139,7 +139,7 @@ function initNotificationBar(message: NotificationBarWindowMessage) {
     });
   });
 
-  window.addEventListener("resize", adjustHeight);
+  globalThis.addEventListener("resize", adjustHeight);
   adjustHeight();
 }
 
@@ -384,7 +384,7 @@ function setupLogoLink(i18n: Record<string, string>) {
 function setNotificationBarTheme() {
   let theme = notificationBarIframeInitData.theme;
   if (theme === ThemeType.System) {
-    theme = window.matchMedia("(prefers-color-scheme: dark)").matches
+    theme = globalThis.matchMedia("(prefers-color-scheme: dark)").matches
       ? ThemeType.Dark
       : ThemeType.Light;
   }
@@ -393,5 +393,5 @@ function setNotificationBarTheme() {
 }
 
 function postMessageToParent(message: NotificationBarWindowMessage) {
-  window.parent.postMessage(message, windowMessageOrigin || "*");
+  globalThis.parent.postMessage(message, windowMessageOrigin || "*");
 }
diff --git a/apps/browser/src/autofill/overlay/iframe-content/autofill-overlay-iframe.service.ts b/apps/browser/src/autofill/overlay/iframe-content/autofill-overlay-iframe.service.ts
index 0ec7db131c..b7a6f2a39e 100644
--- a/apps/browser/src/autofill/overlay/iframe-content/autofill-overlay-iframe.service.ts
+++ b/apps/browser/src/autofill/overlay/iframe-content/autofill-overlay-iframe.service.ts
@@ -211,7 +211,7 @@ class AutofillOverlayIframeService implements AutofillOverlayIframeServiceInterf
     let borderColor: string;
     let verifiedTheme = theme;
     if (verifiedTheme === ThemeType.System) {
-      verifiedTheme = window.matchMedia("(prefers-color-scheme: dark)").matches
+      verifiedTheme = globalThis.matchMedia("(prefers-color-scheme: dark)").matches
         ? ThemeType.Dark
         : ThemeType.Light;
     }
diff --git a/apps/browser/src/autofill/overlay/pages/list/autofill-overlay-list.ts b/apps/browser/src/autofill/overlay/pages/list/autofill-overlay-list.ts
index 305a230e5c..8d4fa724af 100644
--- a/apps/browser/src/autofill/overlay/pages/list/autofill-overlay-list.ts
+++ b/apps/browser/src/autofill/overlay/pages/list/autofill-overlay-list.ts
@@ -19,7 +19,7 @@ class AutofillOverlayList extends AutofillOverlayPageElement {
   private ciphers: OverlayCipherData[] = [];
   private ciphersList: HTMLUListElement;
   private cipherListScrollIsDebounced = false;
-  private cipherListScrollDebounceTimeout: NodeJS.Timeout;
+  private cipherListScrollDebounceTimeout: number | NodeJS.Timeout;
   private currentCipherIndex = 0;
   private readonly showCiphersPerPage = 6;
   private readonly overlayListWindowMessageHandlers: OverlayListWindowMessageHandlers = {
diff --git a/apps/browser/src/autofill/services/abstractions/autofill.service.ts b/apps/browser/src/autofill/services/abstractions/autofill.service.ts
index 77a5f982fd..54a91a5176 100644
--- a/apps/browser/src/autofill/services/abstractions/autofill.service.ts
+++ b/apps/browser/src/autofill/services/abstractions/autofill.service.ts
@@ -15,7 +15,7 @@ export interface PageDetail {
 export interface AutoFillOptions {
   cipher: CipherView;
   pageDetails: PageDetail[];
-  doc?: typeof window.document;
+  doc?: typeof self.document;
   tab: chrome.tabs.Tab;
   skipUsernameOnlyFill?: boolean;
   onlyEmptyFields?: boolean;
diff --git a/apps/browser/src/autofill/services/autofill-overlay-content.service.spec.ts b/apps/browser/src/autofill/services/autofill-overlay-content.service.spec.ts
index 9f3ffea142..96a1b4c851 100644
--- a/apps/browser/src/autofill/services/autofill-overlay-content.service.spec.ts
+++ b/apps/browser/src/autofill/services/autofill-overlay-content.service.spec.ts
@@ -173,12 +173,10 @@ describe("AutofillOverlayContentService", () => {
         autofillFieldData = mock<AutofillField>();
       });
 
-      it("ignores fields that are readonly", () => {
+      it("ignores fields that are readonly", async () => {
         autofillFieldData.readonly = true;
 
-        // FIXME: Verify that this floating promise is intentional. If it is, add an explanatory comment and ensure there is proper error handling.
-        // eslint-disable-next-line @typescript-eslint/no-floating-promises
-        autofillOverlayContentService.setupAutofillOverlayListenerOnField(
+        await autofillOverlayContentService.setupAutofillOverlayListenerOnField(
           autofillFieldElement,
           autofillFieldData,
         );
@@ -186,12 +184,10 @@ describe("AutofillOverlayContentService", () => {
         expect(autofillFieldElement.addEventListener).not.toHaveBeenCalled();
       });
 
-      it("ignores fields that contain a disabled attribute", () => {
+      it("ignores fields that contain a disabled attribute", async () => {
         autofillFieldData.disabled = true;
 
-        // FIXME: Verify that this floating promise is intentional. If it is, add an explanatory comment and ensure there is proper error handling.
-        // eslint-disable-next-line @typescript-eslint/no-floating-promises
-        autofillOverlayContentService.setupAutofillOverlayListenerOnField(
+        await autofillOverlayContentService.setupAutofillOverlayListenerOnField(
           autofillFieldElement,
           autofillFieldData,
         );
@@ -199,12 +195,10 @@ describe("AutofillOverlayContentService", () => {
         expect(autofillFieldElement.addEventListener).not.toHaveBeenCalled();
       });
 
-      it("ignores fields that are not viewable", () => {
+      it("ignores fields that are not viewable", async () => {
         autofillFieldData.viewable = false;
 
-        // FIXME: Verify that this floating promise is intentional. If it is, add an explanatory comment and ensure there is proper error handling.
-        // eslint-disable-next-line @typescript-eslint/no-floating-promises
-        autofillOverlayContentService.setupAutofillOverlayListenerOnField(
+        await autofillOverlayContentService.setupAutofillOverlayListenerOnField(
           autofillFieldElement,
           autofillFieldData,
         );
@@ -213,12 +207,10 @@ describe("AutofillOverlayContentService", () => {
       });
 
       it("ignores fields that are part of the ExcludedOverlayTypes", () => {
-        AutoFillConstants.ExcludedOverlayTypes.forEach((excludedType) => {
+        AutoFillConstants.ExcludedOverlayTypes.forEach(async (excludedType) => {
           autofillFieldData.type = excludedType;
 
-          // FIXME: Verify that this floating promise is intentional. If it is, add an explanatory comment and ensure there is proper error handling.
-          // eslint-disable-next-line @typescript-eslint/no-floating-promises
-          autofillOverlayContentService.setupAutofillOverlayListenerOnField(
+          await autofillOverlayContentService.setupAutofillOverlayListenerOnField(
             autofillFieldElement,
             autofillFieldData,
           );
@@ -227,12 +219,10 @@ describe("AutofillOverlayContentService", () => {
         });
       });
 
-      it("ignores fields that contain the keyword `search`", () => {
+      it("ignores fields that contain the keyword `search`", async () => {
         autofillFieldData.placeholder = "search";
 
-        // FIXME: Verify that this floating promise is intentional. If it is, add an explanatory comment and ensure there is proper error handling.
-        // eslint-disable-next-line @typescript-eslint/no-floating-promises
-        autofillOverlayContentService.setupAutofillOverlayListenerOnField(
+        await autofillOverlayContentService.setupAutofillOverlayListenerOnField(
           autofillFieldElement,
           autofillFieldData,
         );
@@ -240,12 +230,10 @@ describe("AutofillOverlayContentService", () => {
         expect(autofillFieldElement.addEventListener).not.toHaveBeenCalled();
       });
 
-      it("ignores fields that contain the keyword `captcha` ", () => {
+      it("ignores fields that contain the keyword `captcha` ", async () => {
         autofillFieldData.placeholder = "captcha";
 
-        // FIXME: Verify that this floating promise is intentional. If it is, add an explanatory comment and ensure there is proper error handling.
-        // eslint-disable-next-line @typescript-eslint/no-floating-promises
-        autofillOverlayContentService.setupAutofillOverlayListenerOnField(
+        await autofillOverlayContentService.setupAutofillOverlayListenerOnField(
           autofillFieldElement,
           autofillFieldData,
         );
@@ -253,12 +241,10 @@ describe("AutofillOverlayContentService", () => {
         expect(autofillFieldElement.addEventListener).not.toHaveBeenCalled();
       });
 
-      it("ignores fields that do not appear as a login field", () => {
+      it("ignores fields that do not appear as a login field", async () => {
         autofillFieldData.placeholder = "not-a-login-field";
 
-        // FIXME: Verify that this floating promise is intentional. If it is, add an explanatory comment and ensure there is proper error handling.
-        // eslint-disable-next-line @typescript-eslint/no-floating-promises
-        autofillOverlayContentService.setupAutofillOverlayListenerOnField(
+        await autofillOverlayContentService.setupAutofillOverlayListenerOnField(
           autofillFieldElement,
           autofillFieldData,
         );
@@ -267,6 +253,17 @@ describe("AutofillOverlayContentService", () => {
       });
     });
 
+    it("skips setup on fields that have been previously set up", async () => {
+      autofillOverlayContentService["formFieldElements"].add(autofillFieldElement);
+
+      await autofillOverlayContentService.setupAutofillOverlayListenerOnField(
+        autofillFieldElement,
+        autofillFieldData,
+      );
+
+      expect(autofillFieldElement.addEventListener).not.toHaveBeenCalled();
+    });
+
     describe("identifies the overlay visibility setting", () => {
       it("defaults the overlay visibility setting to `OnFieldFocus` if a value is not set", async () => {
         sendExtensionMessageSpy.mockResolvedValueOnce(undefined);
diff --git a/apps/browser/src/autofill/services/autofill-overlay-content.service.ts b/apps/browser/src/autofill/services/autofill-overlay-content.service.ts
index 79abdc3938..4b786e6ca3 100644
--- a/apps/browser/src/autofill/services/autofill-overlay-content.service.ts
+++ b/apps/browser/src/autofill/services/autofill-overlay-content.service.ts
@@ -86,7 +86,7 @@ class AutofillOverlayContentService implements AutofillOverlayContentServiceInte
     formFieldElement: ElementWithOpId<FormFieldElement>,
     autofillFieldData: AutofillField,
   ) {
-    if (this.isIgnoredField(autofillFieldData)) {
+    if (this.isIgnoredField(autofillFieldData) || this.formFieldElements.has(formFieldElement)) {
       return;
     }
 
@@ -712,7 +712,7 @@ class AutofillOverlayContentService implements AutofillOverlayContentServiceInte
   private async getBoundingClientRectFromIntersectionObserver(
     formFieldElement: ElementWithOpId<FormFieldElement>,
   ): Promise<DOMRectReadOnly | null> {
-    if (!("IntersectionObserver" in window) && !("IntersectionObserverEntry" in window)) {
+    if (!("IntersectionObserver" in globalThis) && !("IntersectionObserverEntry" in globalThis)) {
       return null;
     }
 
@@ -901,7 +901,7 @@ class AutofillOverlayContentService implements AutofillOverlayContentServiceInte
 
     if (
       this.focusedFieldData.focusedFieldRects?.top > 0 &&
-      this.focusedFieldData.focusedFieldRects?.top < window.innerHeight
+      this.focusedFieldData.focusedFieldRects?.top < globalThis.innerHeight
     ) {
       return;
     }
diff --git a/apps/browser/src/autofill/services/autofill.service.ts b/apps/browser/src/autofill/services/autofill.service.ts
index e353a34ea0..dae29e61e4 100644
--- a/apps/browser/src/autofill/services/autofill.service.ts
+++ b/apps/browser/src/autofill/services/autofill.service.ts
@@ -42,7 +42,7 @@ import {
 
 export default class AutofillService implements AutofillServiceInterface {
   private openVaultItemPasswordRepromptPopout = openVaultItemPasswordRepromptPopout;
-  private openPasswordRepromptPopoutDebounce: NodeJS.Timeout;
+  private openPasswordRepromptPopoutDebounce: number | NodeJS.Timeout;
   private currentlyOpeningPasswordRepromptPopout = false;
   private autofillScriptPortsSet = new Set<chrome.runtime.Port>();
   static searchFieldNamesSet = new Set(AutoFillConstants.SearchFieldNames);
diff --git a/apps/browser/src/autofill/services/collect-autofill-content.service.spec.ts b/apps/browser/src/autofill/services/collect-autofill-content.service.spec.ts
index d5c461269b..79cb41b9a1 100644
--- a/apps/browser/src/autofill/services/collect-autofill-content.service.spec.ts
+++ b/apps/browser/src/autofill/services/collect-autofill-content.service.spec.ts
@@ -27,6 +27,7 @@ describe("CollectAutofillContentService", () => {
   const domElementVisibilityService = new DomElementVisibilityService();
   const autofillOverlayContentService = new AutofillOverlayContentService();
   let collectAutofillContentService: CollectAutofillContentService;
+  const mockIntersectionObserver = mock<IntersectionObserver>();
 
   beforeEach(() => {
     document.body.innerHTML = mockLoginForm;
@@ -34,6 +35,7 @@ describe("CollectAutofillContentService", () => {
       domElementVisibilityService,
       autofillOverlayContentService,
     );
+    window.IntersectionObserver = jest.fn(() => mockIntersectionObserver);
   });
 
   afterEach(() => {
@@ -2527,10 +2529,10 @@ describe("CollectAutofillContentService", () => {
     });
 
     updatedAttributes.forEach((attribute) => {
-      it(`will update the ${attribute} value for the field element`, async () => {
+      it(`will update the ${attribute} value for the field element`, () => {
         jest.spyOn(collectAutofillContentService["autofillFieldElements"], "set");
 
-        await collectAutofillContentService["updateAutofillFieldElementData"](
+        collectAutofillContentService["updateAutofillFieldElementData"](
           attribute,
           fieldElement,
           autofillField,
@@ -2543,10 +2545,10 @@ describe("CollectAutofillContentService", () => {
       });
     });
 
-    it("will not update an attribute value if it is not present in the updateActions object", async () => {
+    it("will not update an attribute value if it is not present in the updateActions object", () => {
       jest.spyOn(collectAutofillContentService["autofillFieldElements"], "set");
 
-      await collectAutofillContentService["updateAutofillFieldElementData"](
+      collectAutofillContentService["updateAutofillFieldElementData"](
         "random-attribute",
         fieldElement,
         autofillField,
@@ -2555,4 +2557,67 @@ describe("CollectAutofillContentService", () => {
       expect(collectAutofillContentService["autofillFieldElements"].set).not.toBeCalled();
     });
   });
+
+  describe("handleFormElementIntersection", () => {
+    let isFormFieldViewableSpy: jest.SpyInstance;
+    let setupAutofillOverlayListenerOnFieldSpy: jest.SpyInstance;
+
+    beforeEach(() => {
+      isFormFieldViewableSpy = jest.spyOn(
+        collectAutofillContentService["domElementVisibilityService"],
+        "isFormFieldViewable",
+      );
+      setupAutofillOverlayListenerOnFieldSpy = jest.spyOn(
+        collectAutofillContentService["autofillOverlayContentService"],
+        "setupAutofillOverlayListenerOnField",
+      );
+    });
+
+    it("skips the initial intersection event for an observed element", async () => {
+      const formFieldElement = document.createElement("input") as ElementWithOpId<FormFieldElement>;
+      collectAutofillContentService["elementInitializingIntersectionObserver"].add(
+        formFieldElement,
+      );
+      const entries = [
+        { target: formFieldElement, isIntersecting: true },
+      ] as unknown as IntersectionObserverEntry[];
+
+      await collectAutofillContentService["handleFormElementIntersection"](entries);
+
+      expect(isFormFieldViewableSpy).not.toHaveBeenCalled();
+      expect(setupAutofillOverlayListenerOnFieldSpy).not.toHaveBeenCalled();
+    });
+
+    it("skips setting up the overlay listeners on a field that is not viewable", async () => {
+      const formFieldElement = document.createElement("input") as ElementWithOpId<FormFieldElement>;
+      const entries = [
+        { target: formFieldElement, isIntersecting: true },
+      ] as unknown as IntersectionObserverEntry[];
+      isFormFieldViewableSpy.mockReturnValueOnce(false);
+
+      await collectAutofillContentService["handleFormElementIntersection"](entries);
+
+      expect(isFormFieldViewableSpy).toHaveBeenCalledWith(formFieldElement);
+      expect(setupAutofillOverlayListenerOnFieldSpy).not.toHaveBeenCalled();
+    });
+
+    it("sets up the overlay listeners on a viewable field", async () => {
+      const formFieldElement = document.createElement("input") as ElementWithOpId<FormFieldElement>;
+      const autofillField = mock<AutofillField>();
+      const entries = [
+        { target: formFieldElement, isIntersecting: true },
+      ] as unknown as IntersectionObserverEntry[];
+      isFormFieldViewableSpy.mockReturnValueOnce(true);
+      collectAutofillContentService["autofillFieldElements"].set(formFieldElement, autofillField);
+      collectAutofillContentService["intersectionObserver"] = mockIntersectionObserver;
+
+      await collectAutofillContentService["handleFormElementIntersection"](entries);
+
+      expect(isFormFieldViewableSpy).toHaveBeenCalledWith(formFieldElement);
+      expect(setupAutofillOverlayListenerOnFieldSpy).toHaveBeenCalledWith(
+        formFieldElement,
+        autofillField,
+      );
+    });
+  });
 });
diff --git a/apps/browser/src/autofill/services/collect-autofill-content.service.ts b/apps/browser/src/autofill/services/collect-autofill-content.service.ts
index 1de801a2c2..63dee7f3b1 100644
--- a/apps/browser/src/autofill/services/collect-autofill-content.service.ts
+++ b/apps/browser/src/autofill/services/collect-autofill-content.service.ts
@@ -38,8 +38,10 @@ class CollectAutofillContentService implements CollectAutofillContentServiceInte
   private autofillFormElements: AutofillFormElements = new Map();
   private autofillFieldElements: AutofillFieldElements = new Map();
   private currentLocationHref = "";
+  private intersectionObserver: IntersectionObserver;
+  private elementInitializingIntersectionObserver: Set<Element> = new Set();
   private mutationObserver: MutationObserver;
-  private updateAutofillElementsAfterMutationTimeout: NodeJS.Timeout;
+  private updateAutofillElementsAfterMutationTimeout: number | NodeJS.Timeout;
   private readonly updateAfterMutationTimeoutDelay = 1000;
   private readonly ignoredInputTypes = new Set([
     "hidden",
@@ -70,6 +72,10 @@ class CollectAutofillContentService implements CollectAutofillContentServiceInte
       this.setupMutationObserver();
     }
 
+    if (!this.intersectionObserver) {
+      this.setupIntersectionObserver();
+    }
+
     if (!this.domRecentlyMutated && this.noFieldsFound) {
       return this.getFormattedPageDetails({}, []);
     }
@@ -180,7 +186,7 @@ class CollectAutofillContentService implements CollectAutofillContentServiceInte
   ): AutofillPageDetails {
     return {
       title: document.title,
-      url: (document.defaultView || window).location.href,
+      url: (document.defaultView || globalThis).location.href,
       documentUrl: document.location.href,
       forms: autofillFormsData,
       fields: autofillFieldsData,
@@ -240,7 +246,7 @@ class CollectAutofillContentService implements CollectAutofillContentServiceInte
    * @private
    */
   private getFormActionAttribute(element: ElementWithOpId<HTMLFormElement>): string {
-    return new URL(this.getPropertyOrAttribute(element, "action"), window.location.href).href;
+    return new URL(this.getPropertyOrAttribute(element, "action"), globalThis.location.href).href;
   }
 
   /**
@@ -360,11 +366,14 @@ class CollectAutofillContentService implements CollectAutofillContentServiceInte
       tagName: this.getAttributeLowerCase(element, "tagName"),
     };
 
+    if (!autofillFieldBase.viewable) {
+      this.elementInitializingIntersectionObserver.add(element);
+      this.intersectionObserver.observe(element);
+    }
+
     if (elementIsSpanElement(element)) {
       this.cacheAutofillFieldElement(index, element, autofillFieldBase);
-      // FIXME: Verify that this floating promise is intentional. If it is, add an explanatory comment and ensure there is proper error handling.
-      // eslint-disable-next-line @typescript-eslint/no-floating-promises
-      this.autofillOverlayContentService?.setupAutofillOverlayListenerOnField(
+      void this.autofillOverlayContentService?.setupAutofillOverlayListenerOnField(
         element,
         autofillFieldBase,
       );
@@ -407,9 +416,10 @@ class CollectAutofillContentService implements CollectAutofillContentServiceInte
     };
 
     this.cacheAutofillFieldElement(index, element, autofillField);
-    // FIXME: Verify that this floating promise is intentional. If it is, add an explanatory comment and ensure there is proper error handling.
-    // eslint-disable-next-line @typescript-eslint/no-floating-promises
-    this.autofillOverlayContentService?.setupAutofillOverlayListenerOnField(element, autofillField);
+    void this.autofillOverlayContentService?.setupAutofillOverlayListenerOnField(
+      element,
+      autofillField,
+    );
     return autofillField;
   };
 
@@ -1189,8 +1199,6 @@ class CollectAutofillContentService implements CollectAutofillContentServiceInte
       return;
     }
 
-    // FIXME: Verify that this floating promise is intentional. If it is, add an explanatory comment and ensure there is proper error handling.
-    // eslint-disable-next-line @typescript-eslint/no-floating-promises
     this.updateAutofillFieldElementData(
       attributeName,
       targetElement as ElementWithOpId<FormFieldElement>,
@@ -1232,13 +1240,12 @@ class CollectAutofillContentService implements CollectAutofillContentServiceInte
 
   /**
    * Updates the autofill field element data based on the passed attribute name.
+   *
    * @param {string} attributeName
    * @param {ElementWithOpId<FormFieldElement>} element
    * @param {AutofillField} dataTarget
-   * @returns {Promise<void>}
-   * @private
    */
-  private async updateAutofillFieldElementData(
+  private updateAutofillFieldElementData(
     attributeName: string,
     element: ElementWithOpId<FormFieldElement>,
     dataTarget: AutofillField,
@@ -1304,6 +1311,52 @@ class CollectAutofillContentService implements CollectAutofillContentServiceInte
     return attributeValue;
   }
 
+  /**
+   * Sets up an IntersectionObserver to observe found form
+   * field elements that are not viewable in the viewport.
+   */
+  private setupIntersectionObserver() {
+    this.intersectionObserver = new IntersectionObserver(this.handleFormElementIntersection, {
+      root: null,
+      rootMargin: "0px",
+      threshold: 1.0,
+    });
+  }
+
+  /**
+   * Handles observed form field elements that are not viewable in the viewport.
+   * Will re-evaluate the visibility of the element and set up the autofill
+   * overlay listeners on the field if it is viewable.
+   *
+   * @param entries - The entries observed by the IntersectionObserver
+   */
+  private handleFormElementIntersection = async (entries: IntersectionObserverEntry[]) => {
+    for (let entryIndex = 0; entryIndex < entries.length; entryIndex++) {
+      const entry = entries[entryIndex];
+      const formFieldElement = entry.target as ElementWithOpId<FormFieldElement>;
+      if (this.elementInitializingIntersectionObserver.has(formFieldElement)) {
+        this.elementInitializingIntersectionObserver.delete(formFieldElement);
+        continue;
+      }
+
+      const isViewable =
+        await this.domElementVisibilityService.isFormFieldViewable(formFieldElement);
+      if (!isViewable) {
+        continue;
+      }
+
+      const cachedAutofillFieldElement = this.autofillFieldElements.get(formFieldElement);
+      cachedAutofillFieldElement.viewable = true;
+
+      void this.autofillOverlayContentService?.setupAutofillOverlayListenerOnField(
+        formFieldElement,
+        cachedAutofillFieldElement,
+      );
+
+      this.intersectionObserver.unobserve(entry.target);
+    }
+  };
+
   /**
    * Destroys the CollectAutofillContentService. Clears all
    * timeouts and disconnects the mutation observer.
@@ -1313,6 +1366,7 @@ class CollectAutofillContentService implements CollectAutofillContentServiceInte
       clearTimeout(this.updateAutofillElementsAfterMutationTimeout);
     }
     this.mutationObserver?.disconnect();
+    this.intersectionObserver?.disconnect();
   }
 }
 
diff --git a/apps/browser/src/autofill/services/dom-element-visibility.service.ts b/apps/browser/src/autofill/services/dom-element-visibility.service.ts
index acc5b12059..127ce84d91 100644
--- a/apps/browser/src/autofill/services/dom-element-visibility.service.ts
+++ b/apps/browser/src/autofill/services/dom-element-visibility.service.ts
@@ -66,7 +66,7 @@ class DomElementVisibilityService implements domElementVisibilityServiceInterfac
    */
   private getElementStyle(element: HTMLElement, styleProperty: string): string {
     if (!this.cachedComputedStyle) {
-      this.cachedComputedStyle = (element.ownerDocument.defaultView || window).getComputedStyle(
+      this.cachedComputedStyle = (element.ownerDocument.defaultView || globalThis).getComputedStyle(
         element,
       );
     }
diff --git a/apps/browser/src/autofill/services/insert-autofill-content.service.spec.ts b/apps/browser/src/autofill/services/insert-autofill-content.service.spec.ts
index 5ea1284d1b..5a123bf835 100644
--- a/apps/browser/src/autofill/services/insert-autofill-content.service.spec.ts
+++ b/apps/browser/src/autofill/services/insert-autofill-content.service.spec.ts
@@ -47,7 +47,7 @@ const initEventCount = Object.freeze(
 );
 
 let confirmSpy: jest.SpyInstance<boolean, [message?: string]>;
-let windowSpy: jest.SpyInstance<any>;
+let windowLocationSpy: jest.SpyInstance<any>;
 let savedURLs: string[] | null = ["https://bitwarden.com"];
 function setMockWindowLocation({
   protocol,
@@ -56,11 +56,9 @@ function setMockWindowLocation({
   protocol: "http:" | "https:";
   hostname: string;
 }) {
-  windowSpy.mockImplementation(() => ({
-    location: {
-      protocol,
-      hostname,
-    },
+  windowLocationSpy.mockImplementation(() => ({
+    protocol,
+    hostname,
   }));
 }
 
@@ -76,8 +74,8 @@ describe("InsertAutofillContentService", () => {
 
   beforeEach(() => {
     document.body.innerHTML = mockLoginForm;
-    confirmSpy = jest.spyOn(window, "confirm");
-    windowSpy = jest.spyOn(window, "window", "get");
+    confirmSpy = jest.spyOn(globalThis, "confirm");
+    windowLocationSpy = jest.spyOn(globalThis, "location", "get");
     insertAutofillContentService = new InsertAutofillContentService(
       domElementVisibilityService,
       collectAutofillContentService,
@@ -101,7 +99,7 @@ describe("InsertAutofillContentService", () => {
 
   afterEach(() => {
     jest.resetAllMocks();
-    windowSpy.mockRestore();
+    windowLocationSpy.mockRestore();
     confirmSpy.mockRestore();
     document.body.innerHTML = "";
   });
@@ -245,8 +243,8 @@ describe("InsertAutofillContentService", () => {
     });
 
     it("returns true if the frameElement has a sandbox attribute", () => {
-      Object.defineProperty(globalThis, "window", {
-        value: { frameElement: { hasAttribute: jest.fn(() => true) } },
+      Object.defineProperty(globalThis, "frameElement", {
+        value: { hasAttribute: jest.fn(() => true) },
         writable: true,
       });
 
@@ -991,11 +989,11 @@ describe("InsertAutofillContentService", () => {
       const inputElement = document.querySelector('input[type="text"]') as HTMLInputElement;
       inputElement.value = "test";
       jest.spyOn(inputElement, "focus");
-      jest.spyOn(window, "String");
+      jest.spyOn(globalThis, "String");
 
       insertAutofillContentService["triggerFocusOnElement"](inputElement, true);
 
-      expect(window.String).toHaveBeenCalledWith(value);
+      expect(globalThis.String).toHaveBeenCalledWith(value);
       expect(inputElement.focus).toHaveBeenCalled();
       expect(inputElement.value).toEqual(value);
     });
@@ -1005,11 +1003,11 @@ describe("InsertAutofillContentService", () => {
       const inputElement = document.querySelector('input[type="text"]') as HTMLInputElement;
       inputElement.value = "test";
       jest.spyOn(inputElement, "focus");
-      jest.spyOn(window, "String");
+      jest.spyOn(globalThis, "String");
 
       insertAutofillContentService["triggerFocusOnElement"](inputElement, false);
 
-      expect(window.String).not.toHaveBeenCalledWith();
+      expect(globalThis.String).not.toHaveBeenCalledWith();
       expect(inputElement.focus).toHaveBeenCalled();
       expect(inputElement.value).toEqual(value);
     });
diff --git a/apps/browser/src/autofill/services/insert-autofill-content.service.ts b/apps/browser/src/autofill/services/insert-autofill-content.service.ts
index dd14cadfa7..5cfa8091c4 100644
--- a/apps/browser/src/autofill/services/insert-autofill-content.service.ts
+++ b/apps/browser/src/autofill/services/insert-autofill-content.service.ts
@@ -65,8 +65,8 @@ class InsertAutofillContentService implements InsertAutofillContentServiceInterf
   private fillingWithinSandboxedIframe() {
     return (
       String(self.origin).toLowerCase() === "null" ||
-      window.frameElement?.hasAttribute("sandbox") ||
-      window.location.hostname === ""
+      globalThis.frameElement?.hasAttribute("sandbox") ||
+      globalThis.location.hostname === ""
     );
   }
 
@@ -79,8 +79,8 @@ class InsertAutofillContentService implements InsertAutofillContentServiceInterf
    */
   private userCancelledInsecureUrlAutofill(savedUrls?: string[] | null): boolean {
     if (
-      !savedUrls?.some((url) => url.startsWith(`https://${window.location.hostname}`)) ||
-      window.location.protocol !== "http:" ||
+      !savedUrls?.some((url) => url.startsWith(`https://${globalThis.location.hostname}`)) ||
+      globalThis.location.protocol !== "http:" ||
       !this.isPasswordFieldWithinDocument()
     ) {
       return false;
@@ -88,10 +88,10 @@ class InsertAutofillContentService implements InsertAutofillContentServiceInterf
 
     const confirmationWarning = [
       chrome.i18n.getMessage("insecurePageWarning"),
-      chrome.i18n.getMessage("insecurePageWarningFillPrompt", [window.location.hostname]),
+      chrome.i18n.getMessage("insecurePageWarningFillPrompt", [globalThis.location.hostname]),
     ].join("\n\n");
 
-    return !confirm(confirmationWarning);
+    return !globalThis.confirm(confirmationWarning);
   }
 
   /**
@@ -129,10 +129,10 @@ class InsertAutofillContentService implements InsertAutofillContentServiceInterf
 
     const confirmationWarning = [
       chrome.i18n.getMessage("autofillIframeWarning"),
-      chrome.i18n.getMessage("autofillIframeWarningTip", [window.location.hostname]),
+      chrome.i18n.getMessage("autofillIframeWarningTip", [globalThis.location.hostname]),
     ].join("\n\n");
 
-    return !confirm(confirmationWarning);
+    return !globalThis.confirm(confirmationWarning);
   }
 
   /**
diff --git a/apps/browser/src/background/idle.background.ts b/apps/browser/src/background/idle.background.ts
index 28c056cc0e..7b273459ad 100644
--- a/apps/browser/src/background/idle.background.ts
+++ b/apps/browser/src/background/idle.background.ts
@@ -11,7 +11,7 @@ const IdleInterval = 60 * 5; // 5 minutes
 
 export default class IdleBackground {
   private idle: typeof chrome.idle | typeof browser.idle | null;
-  private idleTimer: number = null;
+  private idleTimer: number | NodeJS.Timeout = null;
   private idleState = "active";
 
   constructor(
@@ -73,7 +73,7 @@ export default class IdleBackground {
 
   private pollIdle(handler: (newState: string) => void) {
     if (this.idleTimer != null) {
-      window.clearTimeout(this.idleTimer);
+      globalThis.clearTimeout(this.idleTimer);
       this.idleTimer = null;
     }
     // FIXME: Verify that this floating promise is intentional. If it is, add an explanatory comment and ensure there is proper error handling.
@@ -83,7 +83,7 @@ export default class IdleBackground {
         this.idleState = state;
         handler(state);
       }
-      this.idleTimer = window.setTimeout(() => this.pollIdle(handler), 5000);
+      this.idleTimer = globalThis.setTimeout(() => this.pollIdle(handler), 5000);
     });
   }
 }
diff --git a/apps/browser/src/background/main.background.ts b/apps/browser/src/background/main.background.ts
index c84cced018..9331481a1e 100644
--- a/apps/browser/src/background/main.background.ts
+++ b/apps/browser/src/background/main.background.ts
@@ -5,8 +5,11 @@ import {
   PinCryptoService,
   LoginStrategyServiceAbstraction,
   LoginStrategyService,
+  InternalUserDecryptionOptionsServiceAbstraction,
+  UserDecryptionOptionsService,
   AuthRequestServiceAbstraction,
   AuthRequestService,
+  LoginEmailServiceAbstraction,
 } from "@bitwarden/auth/common";
 import { ApiService as ApiServiceAbstraction } from "@bitwarden/common/abstractions/api.service";
 import { AuditService as AuditServiceAbstraction } from "@bitwarden/common/abstractions/audit.service";
@@ -68,6 +71,7 @@ import { BillingAccountProfileStateService } from "@bitwarden/common/billing/abs
 import { DefaultBillingAccountProfileStateService } from "@bitwarden/common/billing/services/account/billing-account-profile-state.service";
 import { AppIdService as AppIdServiceAbstraction } from "@bitwarden/common/platform/abstractions/app-id.service";
 import { ConfigApiServiceAbstraction } from "@bitwarden/common/platform/abstractions/config/config-api.service.abstraction";
+import { ConfigService } from "@bitwarden/common/platform/abstractions/config/config.service";
 import { CryptoFunctionService as CryptoFunctionServiceAbstraction } from "@bitwarden/common/platform/abstractions/crypto-function.service";
 import { CryptoService as CryptoServiceAbstraction } from "@bitwarden/common/platform/abstractions/crypto.service";
 import { EncryptService } from "@bitwarden/common/platform/abstractions/encrypt.service";
@@ -91,6 +95,7 @@ import { StateFactory } from "@bitwarden/common/platform/factories/state-factory
 import { GlobalState } from "@bitwarden/common/platform/models/domain/global-state";
 import { AppIdService } from "@bitwarden/common/platform/services/app-id.service";
 import { ConfigApiService } from "@bitwarden/common/platform/services/config/config-api.service";
+import { DefaultConfigService } from "@bitwarden/common/platform/services/config/default-config.service";
 import { ConsoleLogService } from "@bitwarden/common/platform/services/console-log.service";
 import { ContainerService } from "@bitwarden/common/platform/services/container.service";
 import { EncryptServiceImplementation } from "@bitwarden/common/platform/services/cryptography/encrypt.service.implementation";
@@ -141,6 +146,7 @@ import {
 } from "@bitwarden/common/tools/password-strength";
 import { SendApiService } from "@bitwarden/common/tools/send/services/send-api.service";
 import { SendApiService as SendApiServiceAbstraction } from "@bitwarden/common/tools/send/services/send-api.service.abstraction";
+import { SendService } from "@bitwarden/common/tools/send/services/send.service";
 import { InternalSendService as InternalSendServiceAbstraction } from "@bitwarden/common/tools/send/services/send.service.abstraction";
 import { UserId } from "@bitwarden/common/types/guid";
 import { CipherService as CipherServiceAbstraction } from "@bitwarden/common/vault/abstractions/cipher.service";
@@ -198,10 +204,10 @@ import { BrowserApi } from "../platform/browser/browser-api";
 import { flagEnabled } from "../platform/flags";
 import { UpdateBadge } from "../platform/listeners/update-badge";
 import { BrowserStateService as StateServiceAbstraction } from "../platform/services/abstractions/browser-state.service";
-import { BrowserConfigService } from "../platform/services/browser-config.service";
 import { BrowserCryptoService } from "../platform/services/browser-crypto.service";
 import { BrowserEnvironmentService } from "../platform/services/browser-environment.service";
 import BrowserLocalStorageService from "../platform/services/browser-local-storage.service";
+import BrowserMemoryStorageService from "../platform/services/browser-memory-storage.service";
 import BrowserMessagingPrivateModeBackgroundService from "../platform/services/browser-messaging-private-mode-background.service";
 import BrowserMessagingService from "../platform/services/browser-messaging.service";
 import { BrowserStateService } from "../platform/services/browser-state.service";
@@ -211,7 +217,6 @@ import { BackgroundPlatformUtilsService } from "../platform/services/platform-ut
 import { BrowserPlatformUtilsService } from "../platform/services/platform-utils/browser-platform-utils.service";
 import { BackgroundDerivedStateProvider } from "../platform/state/background-derived-state.provider";
 import { BackgroundMemoryStorageService } from "../platform/storage/background-memory-storage.service";
-import { BrowserSendService } from "../services/browser-send.service";
 import VaultTimeoutService from "../services/vault-timeout/vault-timeout.service";
 import FilelessImporterBackground from "../tools/background/fileless-importer.background";
 import { BrowserFido2UserInterfaceService } from "../vault/fido2/browser-fido2-user-interface.service";
@@ -226,7 +231,7 @@ import RuntimeBackground from "./runtime.background";
 
 export default class MainBackground {
   messagingService: MessagingServiceAbstraction;
-  storageService: AbstractStorageService;
+  storageService: AbstractStorageService & ObservableStorageService;
   secureStorageService: AbstractStorageService;
   memoryStorageService: AbstractMemoryStorageService;
   memoryStorageForStateProviders: AbstractMemoryStorageService & ObservableStorageService;
@@ -242,6 +247,7 @@ export default class MainBackground {
   environmentService: BrowserEnvironmentService;
   cipherService: CipherServiceAbstraction;
   folderService: InternalFolderServiceAbstraction;
+  userDecryptionOptionsService: InternalUserDecryptionOptionsServiceAbstraction;
   collectionService: CollectionServiceAbstraction;
   vaultTimeoutService: VaultTimeoutService;
   vaultTimeoutSettingsService: VaultTimeoutSettingsServiceAbstraction;
@@ -254,6 +260,7 @@ export default class MainBackground {
   auditService: AuditServiceAbstraction;
   authService: AuthServiceAbstraction;
   loginStrategyService: LoginStrategyServiceAbstraction;
+  loginEmailService: LoginEmailServiceAbstraction;
   importApiService: ImportApiServiceAbstraction;
   importService: ImportServiceAbstraction;
   exportService: VaultExportServiceAbstraction;
@@ -290,7 +297,7 @@ export default class MainBackground {
   avatarService: AvatarServiceAbstraction;
   mainContextMenuHandler: MainContextMenuHandler;
   cipherContextMenuHandler: CipherContextMenuHandler;
-  configService: BrowserConfigService;
+  configService: ConfigService;
   configApiService: ConfigApiServiceAbstraction;
   devicesApiService: DevicesApiServiceAbstraction;
   devicesService: DevicesServiceAbstraction;
@@ -359,22 +366,28 @@ export default class MainBackground {
     this.cryptoFunctionService = new WebCryptoFunctionService(self);
     this.keyGenerationService = new KeyGenerationService(this.cryptoFunctionService);
     this.storageService = new BrowserLocalStorageService();
+
+    const mv3MemoryStorageCreator = (partitionName: string) => {
+      // TODO: Consider using multithreaded encrypt service in popup only context
+      return new LocalBackedSessionStorageService(
+        new EncryptServiceImplementation(this.cryptoFunctionService, this.logService, false),
+        this.keyGenerationService,
+        new BrowserLocalStorageService(),
+        new BrowserMemoryStorageService(),
+        partitionName,
+      );
+    };
+
     this.secureStorageService = this.storageService; // secure storage is not supported in browsers, so we use local storage and warn users when it is used
     this.memoryStorageService = BrowserApi.isManifestVersion(3)
-      ? new LocalBackedSessionStorageService(
-          new EncryptServiceImplementation(this.cryptoFunctionService, this.logService, false),
-          this.keyGenerationService,
-        )
+      ? mv3MemoryStorageCreator("stateService")
       : new MemoryStorageService();
     this.memoryStorageForStateProviders = BrowserApi.isManifestVersion(3)
-      ? new LocalBackedSessionStorageService(
-          new EncryptServiceImplementation(this.cryptoFunctionService, this.logService, false),
-          this.keyGenerationService,
-        )
+      ? mv3MemoryStorageCreator("stateProviders")
       : new BackgroundMemoryStorageService();
 
     const storageServiceProvider = new StorageServiceProvider(
-      this.storageService as BrowserLocalStorageService,
+      this.storageService,
       this.memoryStorageForStateProviders,
     );
 
@@ -440,6 +453,9 @@ export default class MainBackground {
       this.globalStateProvider,
       this.platformUtilsService.supportsSecureStorage(),
       this.secureStorageService,
+      this.keyGenerationService,
+      this.encryptService,
+      this.logService,
     );
 
     const migrationRunner = new MigrationRunner(
@@ -507,7 +523,6 @@ export default class MainBackground {
     this.badgeSettingsService = new BadgeSettingsService(this.stateProvider);
     this.policyApiService = new PolicyApiService(this.policyService, this.apiService);
     this.keyConnectorService = new KeyConnectorService(
-      this.stateService,
       this.cryptoService,
       this.apiService,
       this.tokenService,
@@ -515,6 +530,7 @@ export default class MainBackground {
       this.organizationService,
       this.keyGenerationService,
       logoutCallback,
+      this.stateProvider,
     );
 
     this.passwordStrengthService = new PasswordStrengthService();
@@ -539,17 +555,21 @@ export default class MainBackground {
       };
     })();
 
+    this.userDecryptionOptionsService = new UserDecryptionOptionsService(this.stateProvider);
+
     this.devicesApiService = new DevicesApiServiceImplementation(this.apiService);
     this.deviceTrustCryptoService = new DeviceTrustCryptoService(
       this.keyGenerationService,
       this.cryptoFunctionService,
       this.cryptoService,
       this.encryptService,
-      this.stateService,
       this.appIdService,
       this.devicesApiService,
       this.i18nService,
       this.platformUtilsService,
+      this.stateProvider,
+      this.secureStorageService,
+      this.userDecryptionOptionsService,
     );
 
     this.devicesService = new DevicesServiceImplementation(this.devicesApiService);
@@ -562,14 +582,16 @@ export default class MainBackground {
     );
 
     this.authService = new AuthService(
+      this.accountService,
       backgroundMessagingService,
       this.cryptoService,
       this.apiService,
       this.stateService,
+      this.tokenService,
     );
 
     this.billingAccountProfileStateService = new DefaultBillingAccountProfileStateService(
-      this.activeUserStateProvider,
+      this.stateProvider,
     );
 
     this.loginStrategyService = new LoginStrategyService(
@@ -590,6 +612,7 @@ export default class MainBackground {
       this.policyService,
       this.deviceTrustCryptoService,
       this.authRequestService,
+      this.userDecryptionOptionsService,
       this.globalStateProvider,
       this.billingAccountProfileStateService,
     );
@@ -598,15 +621,13 @@ export default class MainBackground {
 
     this.userVerificationApiService = new UserVerificationApiService(this.apiService);
 
-    this.configApiService = new ConfigApiService(this.apiService, this.authService);
+    this.configApiService = new ConfigApiService(this.apiService, this.tokenService);
 
-    this.configService = new BrowserConfigService(
-      this.stateService,
+    this.configService = new DefaultConfigService(
       this.configApiService,
-      this.authService,
       this.environmentService,
       this.logService,
-      true,
+      this.stateProvider,
     );
 
     this.cipherService = new CipherService(
@@ -631,6 +652,7 @@ export default class MainBackground {
     this.folderApiService = new FolderApiService(this.folderService, this.apiService);
 
     this.vaultTimeoutSettingsService = new VaultTimeoutSettingsService(
+      this.userDecryptionOptionsService,
       this.cryptoService,
       this.tokenService,
       this.policyService,
@@ -650,6 +672,7 @@ export default class MainBackground {
       this.cryptoService,
       this.i18nService,
       this.userVerificationApiService,
+      this.userDecryptionOptionsService,
       this.pinCryptoService,
       this.logService,
       this.vaultTimeoutSettingsService,
@@ -684,7 +707,7 @@ export default class MainBackground {
       logoutCallback,
     );
     this.containerService = new ContainerService(this.cryptoService, this.encryptService);
-    this.sendService = new BrowserSendService(
+    this.sendService = new SendService(
       this.cryptoService,
       this.i18nService,
       this.keyGenerationService,
@@ -717,6 +740,7 @@ export default class MainBackground {
       this.folderApiService,
       this.organizationService,
       this.sendApiService,
+      this.userDecryptionOptionsService,
       this.avatarService,
       logoutCallback,
       this.billingAccountProfileStateService,
@@ -978,7 +1002,7 @@ export default class MainBackground {
   }
 
   async bootstrap() {
-    this.containerService.attachToGlobal(window);
+    this.containerService.attachToGlobal(self);
 
     await this.stateService.init();
 
@@ -990,7 +1014,6 @@ export default class MainBackground {
     this.filelessImporterBackground.init();
     await this.commandsBackground.init();
 
-    this.configService.init();
     this.twoFactorService.init();
 
     await this.overlayBackground.init();
@@ -1022,10 +1045,6 @@ export default class MainBackground {
 
     return new Promise<void>((resolve) => {
       setTimeout(async () => {
-        await this.environmentService.setUrlsFromStorage();
-        // Workaround to ignore stateService.activeAccount until URLs are set
-        // TODO: Remove this when implementing ticket PM-2637
-        this.environmentService.initialized = true;
         if (!this.isPrivateMode) {
           await this.refreshBadge();
         }
@@ -1072,7 +1091,9 @@ export default class MainBackground {
       await this.stateService.setActiveUser(userId);
 
       if (userId == null) {
-        await this.stateService.setRememberedEmail(null);
+        this.loginEmailService.setRememberEmail(false);
+        await this.loginEmailService.saveEmailSettings();
+
         await this.refreshBadge();
         await this.refreshMenu();
         await this.overlayBackground.updateOverlayCiphers();
@@ -1117,7 +1138,6 @@ export default class MainBackground {
       this.policyService.clear(userId),
       this.passwordGenerationService.clear(userId),
       this.vaultTimeoutSettingsService.clear(userId),
-      this.keyConnectorService.clear(),
       this.vaultFilterService.clear(),
       this.biometricStateService.logout(userId),
       this.providerService.save(null, userId),
diff --git a/apps/browser/src/background/runtime.background.ts b/apps/browser/src/background/runtime.background.ts
index f422fc8550..a88bc051d8 100644
--- a/apps/browser/src/background/runtime.background.ts
+++ b/apps/browser/src/background/runtime.background.ts
@@ -1,7 +1,9 @@
+import { firstValueFrom } from "rxjs";
+
 import { NotificationsService } from "@bitwarden/common/abstractions/notifications.service";
 import { AutofillOverlayVisibility } from "@bitwarden/common/autofill/constants";
 import { AutofillSettingsServiceAbstraction } from "@bitwarden/common/autofill/services/autofill-settings.service";
-import { ConfigServiceAbstraction } from "@bitwarden/common/platform/abstractions/config/config.service.abstraction";
+import { ConfigService } from "@bitwarden/common/platform/abstractions/config/config.service";
 import { I18nService } from "@bitwarden/common/platform/abstractions/i18n.service";
 import { LogService } from "@bitwarden/common/platform/abstractions/log.service";
 import { MessagingService } from "@bitwarden/common/platform/abstractions/messaging.service";
@@ -44,7 +46,7 @@ export default class RuntimeBackground {
     private environmentService: BrowserEnvironmentService,
     private messagingService: MessagingService,
     private logService: LogService,
-    private configService: ConfigServiceAbstraction,
+    private configService: ConfigService,
     private fido2Service: Fido2Service,
   ) {
     // onInstalled listener must be wired up before anything else, so we do it in the ctor
@@ -87,7 +89,7 @@ export default class RuntimeBackground {
 
     BrowserApi.messageListener("runtime.background", backgroundMessageListener);
     if (this.main.popupOnlyContext) {
-      (window as any).bitwardenBackgroundMessageListener = backgroundMessageListener;
+      (self as any).bitwardenBackgroundMessageListener = backgroundMessageListener;
     }
   }
 
@@ -134,7 +136,7 @@ export default class RuntimeBackground {
             await this.main.refreshBadge();
             await this.main.refreshMenu();
           }, 2000);
-          this.configService.triggerServerConfigFetch();
+          await this.configService.ensureConfigFetched();
         }
         break;
       case "openPopup":
@@ -220,7 +222,8 @@ export default class RuntimeBackground {
         }
         break;
       case "authResult": {
-        const vaultUrl = this.environmentService.getWebVaultUrl();
+        const env = await firstValueFrom(this.environmentService.environment$);
+        const vaultUrl = env.getWebVaultUrl();
 
         if (msg.referrer == null || Utils.getHostname(vaultUrl) !== msg.referrer) {
           return;
@@ -241,7 +244,8 @@ export default class RuntimeBackground {
         break;
       }
       case "webAuthnResult": {
-        const vaultUrl = this.environmentService.getWebVaultUrl();
+        const env = await firstValueFrom(this.environmentService.environment$);
+        const vaultUrl = env.getWebVaultUrl();
 
         if (msg.referrer == null || Utils.getHostname(vaultUrl) !== msg.referrer) {
           return;
@@ -364,7 +368,8 @@ export default class RuntimeBackground {
 
   async sendBwInstalledMessageToVault() {
     try {
-      const vaultUrl = this.environmentService.getWebVaultUrl();
+      const env = await firstValueFrom(this.environmentService.environment$);
+      const vaultUrl = env.getWebVaultUrl();
       const urlObj = new URL(vaultUrl);
 
       const tabs = await BrowserApi.tabsQuery({ url: `${urlObj.href}*` });
diff --git a/apps/browser/src/background/service-factories/send-service.factory.ts b/apps/browser/src/background/service-factories/send-service.factory.ts
index bca46b4703..7c64bc076a 100644
--- a/apps/browser/src/background/service-factories/send-service.factory.ts
+++ b/apps/browser/src/background/service-factories/send-service.factory.ts
@@ -1,3 +1,4 @@
+import { SendService } from "@bitwarden/common/tools/send/services/send.service";
 import { InternalSendService } from "@bitwarden/common/tools/send/services/send.service.abstraction";
 
 import {
@@ -21,7 +22,6 @@ import {
   stateServiceFactory,
   StateServiceInitOptions,
 } from "../../platform/background/service-factories/state-service.factory";
-import { BrowserSendService } from "../../services/browser-send.service";
 
 type SendServiceFactoryOptions = FactoryOptions;
 
@@ -40,7 +40,7 @@ export function sendServiceFactory(
     "sendService",
     opts,
     async () =>
-      new BrowserSendService(
+      new SendService(
         await cryptoServiceFactory(cache, opts),
         await i18nServiceFactory(cache, opts),
         await keyGenerationServiceFactory(cache, opts),
diff --git a/apps/browser/src/background/service-factories/vault-timeout-settings-service.factory.ts b/apps/browser/src/background/service-factories/vault-timeout-settings-service.factory.ts
index febc605bc8..92a1d83dd2 100644
--- a/apps/browser/src/background/service-factories/vault-timeout-settings-service.factory.ts
+++ b/apps/browser/src/background/service-factories/vault-timeout-settings-service.factory.ts
@@ -9,6 +9,10 @@ import {
   tokenServiceFactory,
   TokenServiceInitOptions,
 } from "../../auth/background/service-factories/token-service.factory";
+import {
+  userDecryptionOptionsServiceFactory,
+  UserDecryptionOptionsServiceInitOptions,
+} from "../../auth/background/service-factories/user-decryption-options-service.factory";
 import {
   biometricStateServiceFactory,
   BiometricStateServiceInitOptions,
@@ -30,6 +34,7 @@ import {
 type VaultTimeoutSettingsServiceFactoryOptions = FactoryOptions;
 
 export type VaultTimeoutSettingsServiceInitOptions = VaultTimeoutSettingsServiceFactoryOptions &
+  UserDecryptionOptionsServiceInitOptions &
   CryptoServiceInitOptions &
   TokenServiceInitOptions &
   PolicyServiceInitOptions &
@@ -46,6 +51,7 @@ export function vaultTimeoutSettingsServiceFactory(
     opts,
     async () =>
       new VaultTimeoutSettingsService(
+        await userDecryptionOptionsServiceFactory(cache, opts),
         await cryptoServiceFactory(cache, opts),
         await tokenServiceFactory(cache, opts),
         await policyServiceFactory(cache, opts),
diff --git a/apps/browser/src/manifest.json b/apps/browser/src/manifest.json
index e3f6e6353f..271b2c76a2 100644
--- a/apps/browser/src/manifest.json
+++ b/apps/browser/src/manifest.json
@@ -2,7 +2,7 @@
   "manifest_version": 2,
   "name": "__MSG_extName__",
   "short_name": "__MSG_appName__",
-  "version": "2024.3.0",
+  "version": "2024.3.1",
   "description": "__MSG_extDesc__",
   "default_locale": "en",
   "author": "Bitwarden Inc.",
@@ -18,23 +18,24 @@
     {
       "all_frames": false,
       "js": ["content/content-message-handler.js"],
-      "matches": ["http://*/*", "https://*/*", "file:///*"],
+      "matches": ["*://*/*", "file:///*"],
+      "exclude_matches": ["*://*/*.xml*", "file:///*.xml*"],
       "run_at": "document_start"
     },
     {
       "all_frames": true,
-      "js": [
-        "content/trigger-autofill-script-injection.js",
-        "content/fido2/trigger-fido2-content-script-injection.js"
-      ],
-      "matches": ["http://*/*", "https://*/*", "file:///*"],
+      "js": ["content/fido2/trigger-fido2-content-script-injection.js"],
+      "matches": ["https://*/*"],
+      "exclude_matches": ["https://*/*.xml*"],
       "run_at": "document_start"
     },
     {
       "all_frames": true,
       "css": ["content/autofill.css"],
-      "matches": ["http://*/*", "https://*/*", "file:///*"],
-      "run_at": "document_end"
+      "js": ["content/trigger-autofill-script-injection.js"],
+      "matches": ["*://*/*", "file:///*"],
+      "exclude_matches": ["*://*/*.xml*", "file:///*.xml*"],
+      "run_at": "document_start"
     },
     {
       "all_frames": false,
@@ -57,6 +58,7 @@
   },
   "permissions": [
     "<all_urls>",
+    "*://*/*",
     "tabs",
     "contextMenus",
     "storage",
@@ -64,8 +66,6 @@
     "clipboardRead",
     "clipboardWrite",
     "idle",
-    "http://*/*",
-    "https://*/*",
     "webRequest",
     "webRequestBlocking"
   ],
diff --git a/apps/browser/src/manifest.v3.json b/apps/browser/src/manifest.v3.json
index 25215597f8..e7b0c0cd1e 100644
--- a/apps/browser/src/manifest.v3.json
+++ b/apps/browser/src/manifest.v3.json
@@ -3,7 +3,7 @@
   "minimum_chrome_version": "102.0",
   "name": "__MSG_extName__",
   "short_name": "__MSG_appName__",
-  "version": "2024.3.0",
+  "version": "2024.3.1",
   "description": "__MSG_extDesc__",
   "default_locale": "en",
   "author": "Bitwarden Inc.",
@@ -19,16 +19,23 @@
     {
       "all_frames": false,
       "js": ["content/content-message-handler.js"],
-      "matches": ["http://*/*", "https://*/*", "file:///*"],
+      "matches": ["*://*/*", "file:///*"],
+      "exclude_matches": ["*://*/*.xml*", "file:///*.xml*"],
       "run_at": "document_start"
     },
     {
       "all_frames": true,
-      "js": [
-        "content/trigger-autofill-script-injection.js",
-        "content/fido2/trigger-fido2-content-script-injection.js"
-      ],
-      "matches": ["http://*/*", "https://*/*", "file:///*"],
+      "js": ["content/fido2/trigger-fido2-content-script-injection.js"],
+      "matches": ["https://*/*"],
+      "exclude_matches": ["https://*/*.xml*"],
+      "run_at": "document_start"
+    },
+    {
+      "all_frames": true,
+      "css": ["content/autofill.css"],
+      "js": ["content/trigger-autofill-script-injection.js", "content/misc-utils.js"],
+      "matches": ["*://*/*", "file:///*"],
+      "exclude_matches": ["*://*/*.xml*", "file:///*.xml*"],
       "run_at": "document_start"
     },
     {
@@ -36,18 +43,6 @@
       "js": ["content/lp-fileless-importer.js"],
       "matches": ["https://lastpass.com/export.php"],
       "run_at": "document_start"
-    },
-    {
-      "all_frames": true,
-      "css": ["content/autofill.css"],
-      "matches": ["http://*/*", "https://*/*", "file:///*"],
-      "run_at": "document_end"
-    },
-    {
-      "all_frames": true,
-      "js": ["content/misc-utils.js"],
-      "matches": ["http://*/*", "https://*/*", "file:///*"],
-      "run_at": "document_end"
     }
   ],
   "background": {
@@ -76,7 +71,7 @@
     "offscreen"
   ],
   "optional_permissions": ["nativeMessaging", "privacy"],
-  "host_permissions": ["http://*/*", "https://*/*"],
+  "host_permissions": ["*://*/*"],
   "content_security_policy": {
     "extension_pages": "script-src 'self' 'wasm-unsafe-eval'; object-src 'self'",
     "sandbox": "sandbox allow-scripts; script-src 'self'"
diff --git a/apps/browser/src/platform/background.ts b/apps/browser/src/platform/background.ts
index b71b4d96b0..9c3510178c 100644
--- a/apps/browser/src/platform/background.ts
+++ b/apps/browser/src/platform/background.ts
@@ -1,42 +1,35 @@
+import { ConsoleLogService } from "@bitwarden/common/platform/services/console-log.service";
+
 import MainBackground from "../background/main.background";
 
-import { onAlarmListener } from "./alarms/on-alarm-listener";
-import { registerAlarms } from "./alarms/register-alarms";
 import { BrowserApi } from "./browser/browser-api";
-import {
-  contextMenusClickedListener,
-  onCommandListener,
-  onInstallListener,
-  runtimeMessageListener,
-  windowsOnFocusChangedListener,
-  tabsOnActivatedListener,
-  tabsOnReplacedListener,
-  tabsOnUpdatedListener,
-} from "./listeners";
 
-if (BrowserApi.isManifestVersion(3)) {
-  chrome.commands.onCommand.addListener(onCommandListener);
-  chrome.runtime.onInstalled.addListener(onInstallListener);
-  chrome.alarms.onAlarm.addListener(onAlarmListener);
-  registerAlarms();
-  chrome.windows.onFocusChanged.addListener(windowsOnFocusChangedListener);
-  chrome.tabs.onActivated.addListener(tabsOnActivatedListener);
-  chrome.tabs.onReplaced.addListener(tabsOnReplacedListener);
-  chrome.tabs.onUpdated.addListener(tabsOnUpdatedListener);
-  chrome.contextMenus.onClicked.addListener(contextMenusClickedListener);
-  BrowserApi.messageListener(
-    "runtime.background",
-    (message: { command: string }, sender, sendResponse) => {
-      // FIXME: Verify that this floating promise is intentional. If it is, add an explanatory comment and ensure there is proper error handling.
-      // eslint-disable-next-line @typescript-eslint/no-floating-promises
-      runtimeMessageListener(message, sender);
-    },
-  );
-} else {
-  const bitwardenMain = ((window as any).bitwardenMain = new MainBackground());
-  // FIXME: Verify that this floating promise is intentional. If it is, add an explanatory comment and ensure there is proper error handling.
-  // eslint-disable-next-line @typescript-eslint/no-floating-promises
-  bitwardenMain.bootstrap().then(() => {
+const logService = new ConsoleLogService(false);
+const bitwardenMain = ((self as any).bitwardenMain = new MainBackground());
+bitwardenMain
+  .bootstrap()
+  .then(() => {
     // Finished bootstrapping
-  });
+    if (BrowserApi.isManifestVersion(3)) {
+      startHeartbeat().catch((error) => logService.error(error));
+    }
+  })
+  .catch((error) => logService.error(error));
+
+/**
+ * Tracks when a service worker was last alive and extends the service worker
+ * lifetime by writing the current time to extension storage every 20 seconds.
+ */
+async function runHeartbeat() {
+  await chrome.storage.local.set({ "last-heartbeat": new Date().getTime() });
+}
+
+/**
+ * Starts the heartbeat interval which keeps the service worker alive.
+ */
+async function startHeartbeat() {
+  // Run the heartbeat once at service worker startup, then again every 20 seconds.
+  runHeartbeat()
+    .then(() => setInterval(runHeartbeat, 20 * 1000))
+    .catch((error) => logService.error(error));
 }
diff --git a/apps/browser/src/platform/background/service-factories/billing-account-profile-state-service.factory.ts b/apps/browser/src/platform/background/service-factories/billing-account-profile-state-service.factory.ts
index 80482eacb6..378707d6be 100644
--- a/apps/browser/src/platform/background/service-factories/billing-account-profile-state-service.factory.ts
+++ b/apps/browser/src/platform/background/service-factories/billing-account-profile-state-service.factory.ts
@@ -1,9 +1,8 @@
 import { BillingAccountProfileStateService } from "@bitwarden/common/billing/abstractions/account/billing-account-profile-state.service";
 import { DefaultBillingAccountProfileStateService } from "@bitwarden/common/billing/services/account/billing-account-profile-state.service";
 
-import { activeUserStateProviderFactory } from "./active-user-state-provider.factory";
 import { FactoryOptions, CachedServices, factory } from "./factory-options";
-import { StateProviderInitOptions } from "./state-provider.factory";
+import { StateProviderInitOptions, stateProviderFactory } from "./state-provider.factory";
 
 type BillingAccountProfileStateServiceFactoryOptions = FactoryOptions;
 
@@ -21,8 +20,6 @@ export function billingAccountProfileStateServiceFactory(
     "billingAccountProfileStateService",
     opts,
     async () =>
-      new DefaultBillingAccountProfileStateService(
-        await activeUserStateProviderFactory(cache, opts),
-      ),
+      new DefaultBillingAccountProfileStateService(await stateProviderFactory(cache, opts)),
   );
 }
diff --git a/apps/browser/src/platform/background/service-factories/config-api.service.factory.ts b/apps/browser/src/platform/background/service-factories/config-api.service.factory.ts
index c0dbf1f475..3d7d508832 100644
--- a/apps/browser/src/platform/background/service-factories/config-api.service.factory.ts
+++ b/apps/browser/src/platform/background/service-factories/config-api.service.factory.ts
@@ -2,9 +2,9 @@ import { ConfigApiServiceAbstraction } from "@bitwarden/common/platform/abstract
 import { ConfigApiService } from "@bitwarden/common/platform/services/config/config-api.service";
 
 import {
-  authServiceFactory,
-  AuthServiceInitOptions,
-} from "../../../auth/background/service-factories/auth-service.factory";
+  tokenServiceFactory,
+  TokenServiceInitOptions,
+} from "../../../auth/background/service-factories/token-service.factory";
 
 import { apiServiceFactory, ApiServiceInitOptions } from "./api-service.factory";
 import { FactoryOptions, CachedServices, factory } from "./factory-options";
@@ -13,7 +13,7 @@ type ConfigApiServiceFactoyOptions = FactoryOptions;
 
 export type ConfigApiServiceInitOptions = ConfigApiServiceFactoyOptions &
   ApiServiceInitOptions &
-  AuthServiceInitOptions;
+  TokenServiceInitOptions;
 
 export function configApiServiceFactory(
   cache: { configApiService?: ConfigApiServiceAbstraction } & CachedServices,
@@ -26,7 +26,7 @@ export function configApiServiceFactory(
     async () =>
       new ConfigApiService(
         await apiServiceFactory(cache, opts),
-        await authServiceFactory(cache, opts),
+        await tokenServiceFactory(cache, opts),
       ),
   );
 }
diff --git a/apps/browser/src/platform/background/service-factories/config-service.factory.ts b/apps/browser/src/platform/background/service-factories/config-service.factory.ts
index 9c8b485c2a..a899f8fd9a 100644
--- a/apps/browser/src/platform/background/service-factories/config-service.factory.ts
+++ b/apps/browser/src/platform/background/service-factories/config-service.factory.ts
@@ -1,10 +1,5 @@
-import { ConfigServiceAbstraction } from "@bitwarden/common/platform/abstractions/config/config.service.abstraction";
-import { ConfigService } from "@bitwarden/common/platform/services/config/config.service";
-
-import {
-  authServiceFactory,
-  AuthServiceInitOptions,
-} from "../../../auth/background/service-factories/auth-service.factory";
+import { ConfigService } from "@bitwarden/common/platform/abstractions/config/config.service";
+import { DefaultConfigService } from "@bitwarden/common/platform/services/config/default-config.service";
 
 import { configApiServiceFactory, ConfigApiServiceInitOptions } from "./config-api.service.factory";
 import {
@@ -13,37 +8,30 @@ import {
 } from "./environment-service.factory";
 import { FactoryOptions, CachedServices, factory } from "./factory-options";
 import { logServiceFactory, LogServiceInitOptions } from "./log-service.factory";
-import { stateServiceFactory, StateServiceInitOptions } from "./state-service.factory";
+import { stateProviderFactory, StateProviderInitOptions } from "./state-provider.factory";
 
-type ConfigServiceFactoryOptions = FactoryOptions & {
-  configServiceOptions?: {
-    subscribe?: boolean;
-  };
-};
+type ConfigServiceFactoryOptions = FactoryOptions;
 
 export type ConfigServiceInitOptions = ConfigServiceFactoryOptions &
-  StateServiceInitOptions &
   ConfigApiServiceInitOptions &
-  AuthServiceInitOptions &
   EnvironmentServiceInitOptions &
-  LogServiceInitOptions;
+  LogServiceInitOptions &
+  StateProviderInitOptions;
 
 export function configServiceFactory(
-  cache: { configService?: ConfigServiceAbstraction } & CachedServices,
+  cache: { configService?: ConfigService } & CachedServices,
   opts: ConfigServiceInitOptions,
-): Promise<ConfigServiceAbstraction> {
+): Promise<ConfigService> {
   return factory(
     cache,
     "configService",
     opts,
     async () =>
-      new ConfigService(
-        await stateServiceFactory(cache, opts),
+      new DefaultConfigService(
         await configApiServiceFactory(cache, opts),
-        await authServiceFactory(cache, opts),
         await environmentServiceFactory(cache, opts),
         await logServiceFactory(cache, opts),
-        opts.configServiceOptions?.subscribe ?? true,
+        await stateProviderFactory(cache, opts),
       ),
   );
 }
diff --git a/apps/browser/src/platform/background/service-factories/storage-service.factory.ts b/apps/browser/src/platform/background/service-factories/storage-service.factory.ts
index 6a854255f5..19d5a9c140 100644
--- a/apps/browser/src/platform/background/service-factories/storage-service.factory.ts
+++ b/apps/browser/src/platform/background/service-factories/storage-service.factory.ts
@@ -7,6 +7,7 @@ import { MemoryStorageService } from "@bitwarden/common/platform/services/memory
 
 import { BrowserApi } from "../../browser/browser-api";
 import BrowserLocalStorageService from "../../services/browser-local-storage.service";
+import BrowserMemoryStorageService from "../../services/browser-memory-storage.service";
 import { LocalBackedSessionStorageService } from "../../services/local-backed-session-storage.service";
 import { BackgroundMemoryStorageService } from "../../storage/background-memory-storage.service";
 
@@ -17,13 +18,14 @@ import {
   keyGenerationServiceFactory,
 } from "./key-generation-service.factory";
 
-type StorageServiceFactoryOptions = FactoryOptions;
-
-export type DiskStorageServiceInitOptions = StorageServiceFactoryOptions;
-export type SecureStorageServiceInitOptions = StorageServiceFactoryOptions;
-export type MemoryStorageServiceInitOptions = StorageServiceFactoryOptions &
+export type DiskStorageServiceInitOptions = FactoryOptions;
+export type SecureStorageServiceInitOptions = FactoryOptions;
+export type SessionStorageServiceInitOptions = FactoryOptions;
+export type MemoryStorageServiceInitOptions = FactoryOptions &
   EncryptServiceInitOptions &
-  KeyGenerationServiceInitOptions;
+  KeyGenerationServiceInitOptions &
+  DiskStorageServiceInitOptions &
+  SessionStorageServiceInitOptions;
 
 export function diskStorageServiceFactory(
   cache: { diskStorageService?: AbstractStorageService } & CachedServices,
@@ -47,6 +49,13 @@ export function secureStorageServiceFactory(
   return factory(cache, "secureStorageService", opts, () => new BrowserLocalStorageService());
 }
 
+export function sessionStorageServiceFactory(
+  cache: { sessionStorageService?: AbstractStorageService } & CachedServices,
+  opts: SessionStorageServiceInitOptions,
+): Promise<AbstractStorageService> {
+  return factory(cache, "sessionStorageService", opts, () => new BrowserMemoryStorageService());
+}
+
 export function memoryStorageServiceFactory(
   cache: { memoryStorageService?: AbstractMemoryStorageService } & CachedServices,
   opts: MemoryStorageServiceInitOptions,
@@ -56,6 +65,9 @@ export function memoryStorageServiceFactory(
       return new LocalBackedSessionStorageService(
         await encryptServiceFactory(cache, opts),
         await keyGenerationServiceFactory(cache, opts),
+        await diskStorageServiceFactory(cache, opts),
+        await sessionStorageServiceFactory(cache, opts),
+        "serviceFactories",
       );
     }
     return new MemoryStorageService();
diff --git a/apps/browser/src/platform/browser/browser-api.ts b/apps/browser/src/platform/browser/browser-api.ts
index 362aac1af9..b2ee66f051 100644
--- a/apps/browser/src/platform/browser/browser-api.ts
+++ b/apps/browser/src/platform/browser/browser-api.ts
@@ -351,11 +351,11 @@ export class BrowserApi {
   private static setupUnloadListeners() {
     // The MDN recommend using 'visibilitychange' but that event is fired any time the popup window is obscured as well
     // 'pagehide' works just like 'unload' but is compatible with the back/forward cache, so we prefer using that one
-    window.onpagehide = () => {
+    self.addEventListener("pagehide", () => {
       for (const [event, callback] of BrowserApi.trackedChromeEventListeners) {
         event.removeListener(callback);
       }
-    };
+    });
   }
 
   static sendMessage(subscriber: string, arg: any = {}) {
@@ -423,7 +423,7 @@ export class BrowserApi {
       return;
     }
 
-    const currentHref = window.location.href;
+    const currentHref = self.location.href;
     views
       .filter((w) => w.location.href != null && !w.location.href.includes("background.html"))
       .filter((w) => !exemptCurrentHref || w.location.href !== currentHref)
diff --git a/apps/browser/src/platform/offscreen-document/offscreen-document.ts b/apps/browser/src/platform/offscreen-document/offscreen-document.ts
index 02ae5cdb23..627036b80b 100644
--- a/apps/browser/src/platform/offscreen-document/offscreen-document.ts
+++ b/apps/browser/src/platform/offscreen-document/offscreen-document.ts
@@ -29,14 +29,14 @@ class OffscreenDocument implements OffscreenDocumentInterface {
    * @param message - The extension message containing the text to copy
    */
   private async handleOffscreenCopyToClipboard(message: OffscreenDocumentExtensionMessage) {
-    await BrowserClipboardService.copy(window, message.text);
+    await BrowserClipboardService.copy(self, message.text);
   }
 
   /**
    * Reads the user's clipboard and returns the text.
    */
   private async handleOffscreenReadFromClipboard() {
-    return await BrowserClipboardService.read(window);
+    return await BrowserClipboardService.read(self);
   }
 
   /**
diff --git a/apps/browser/src/platform/services/browser-file-download.service.ts b/apps/browser/src/platform/popup/services/browser-file-download.service.ts
similarity index 93%
rename from apps/browser/src/platform/services/browser-file-download.service.ts
rename to apps/browser/src/platform/popup/services/browser-file-download.service.ts
index 8cb4d498a3..e9aaa639c4 100644
--- a/apps/browser/src/platform/services/browser-file-download.service.ts
+++ b/apps/browser/src/platform/popup/services/browser-file-download.service.ts
@@ -5,8 +5,8 @@ import { FileDownloadRequest } from "@bitwarden/common/platform/abstractions/fil
 import { FileDownloadService } from "@bitwarden/common/platform/abstractions/file-download/file-download.service";
 import { Utils } from "@bitwarden/common/platform/misc/utils";
 
-import { SafariApp } from "../../browser/safariApp";
-import { BrowserApi } from "../browser/browser-api";
+import { SafariApp } from "../../../browser/safariApp";
+import { BrowserApi } from "../../browser/browser-api";
 
 @Injectable()
 export class BrowserFileDownloadService implements FileDownloadService {
diff --git a/apps/browser/src/platform/services/abstractions/browser-state.service.ts b/apps/browser/src/platform/services/abstractions/browser-state.service.ts
index 88c2312762..82ec54975a 100644
--- a/apps/browser/src/platform/services/abstractions/browser-state.service.ts
+++ b/apps/browser/src/platform/services/abstractions/browser-state.service.ts
@@ -3,22 +3,9 @@ import { StorageOptions } from "@bitwarden/common/platform/models/domain/storage
 
 import { Account } from "../../../models/account";
 import { BrowserComponentState } from "../../../models/browserComponentState";
-import { BrowserGroupingsComponentState } from "../../../models/browserGroupingsComponentState";
 import { BrowserSendComponentState } from "../../../models/browserSendComponentState";
 
 export abstract class BrowserStateService extends BaseStateServiceAbstraction<Account> {
-  getBrowserGroupingComponentState: (
-    options?: StorageOptions,
-  ) => Promise<BrowserGroupingsComponentState>;
-  setBrowserGroupingComponentState: (
-    value: BrowserGroupingsComponentState,
-    options?: StorageOptions,
-  ) => Promise<void>;
-  getBrowserVaultItemsComponentState: (options?: StorageOptions) => Promise<BrowserComponentState>;
-  setBrowserVaultItemsComponentState: (
-    value: BrowserComponentState,
-    options?: StorageOptions,
-  ) => Promise<void>;
   getBrowserSendComponentState: (options?: StorageOptions) => Promise<BrowserSendComponentState>;
   setBrowserSendComponentState: (
     value: BrowserSendComponentState,
diff --git a/apps/browser/src/platform/services/browser-config.service.ts b/apps/browser/src/platform/services/browser-config.service.ts
deleted file mode 100644
index 557db4f33c..0000000000
--- a/apps/browser/src/platform/services/browser-config.service.ts
+++ /dev/null
@@ -1,28 +0,0 @@
-import { ReplaySubject } from "rxjs";
-
-import { AuthService } from "@bitwarden/common/auth/abstractions/auth.service";
-import { ConfigApiServiceAbstraction } from "@bitwarden/common/platform/abstractions/config/config-api.service.abstraction";
-import { ServerConfig } from "@bitwarden/common/platform/abstractions/config/server-config";
-import { EnvironmentService } from "@bitwarden/common/platform/abstractions/environment.service";
-import { LogService } from "@bitwarden/common/platform/abstractions/log.service";
-import { StateService } from "@bitwarden/common/platform/abstractions/state.service";
-import { ConfigService } from "@bitwarden/common/platform/services/config/config.service";
-
-import { browserSession, sessionSync } from "../decorators/session-sync-observable";
-
-@browserSession
-export class BrowserConfigService extends ConfigService {
-  @sessionSync<ServerConfig>({ initializer: ServerConfig.fromJSON })
-  protected _serverConfig: ReplaySubject<ServerConfig | null>;
-
-  constructor(
-    stateService: StateService,
-    configApiService: ConfigApiServiceAbstraction,
-    authService: AuthService,
-    environmentService: EnvironmentService,
-    logService: LogService,
-    subscribe = false,
-  ) {
-    super(stateService, configApiService, authService, environmentService, logService, subscribe);
-  }
-}
diff --git a/apps/browser/src/platform/services/browser-environment.service.ts b/apps/browser/src/platform/services/browser-environment.service.ts
index 77cf7de8ea..d7e22cf747 100644
--- a/apps/browser/src/platform/services/browser-environment.service.ts
+++ b/apps/browser/src/platform/services/browser-environment.service.ts
@@ -1,12 +1,15 @@
+import { firstValueFrom } from "rxjs";
+
 import { AccountService } from "@bitwarden/common/auth/abstractions/account.service";
+import { Region } from "@bitwarden/common/platform/abstractions/environment.service";
 import { LogService } from "@bitwarden/common/platform/abstractions/log.service";
-import { EnvironmentService } from "@bitwarden/common/platform/services/environment.service";
+import { DefaultEnvironmentService } from "@bitwarden/common/platform/services/default-environment.service";
 import { StateProvider } from "@bitwarden/common/platform/state";
 
 import { GroupPolicyEnvironment } from "../../admin-console/types/group-policy-environment";
 import { devFlagEnabled, devFlagValue } from "../flags";
 
-export class BrowserEnvironmentService extends EnvironmentService {
+export class BrowserEnvironmentService extends DefaultEnvironmentService {
   constructor(
     private logService: LogService,
     stateProvider: StateProvider,
@@ -29,16 +32,18 @@ export class BrowserEnvironmentService extends EnvironmentService {
       return false;
     }
 
-    const env = await this.getManagedEnvironment();
+    const managedEnv = await this.getManagedEnvironment();
+    const env = await firstValueFrom(this.environment$);
+    const urls = env.getUrls();
 
     return (
-      env.base != this.baseUrl ||
-      env.webVault != this.webVaultUrl ||
-      env.api != this.webVaultUrl ||
-      env.identity != this.identityUrl ||
-      env.icons != this.iconsUrl ||
-      env.notifications != this.notificationsUrl ||
-      env.events != this.eventsUrl
+      managedEnv.base != urls.base ||
+      managedEnv.webVault != urls.webVault ||
+      managedEnv.api != urls.api ||
+      managedEnv.identity != urls.identity ||
+      managedEnv.icons != urls.icons ||
+      managedEnv.notifications != urls.notifications ||
+      managedEnv.events != urls.events
     );
   }
 
@@ -62,7 +67,7 @@ export class BrowserEnvironmentService extends EnvironmentService {
 
   async setUrlsToManagedEnvironment() {
     const env = await this.getManagedEnvironment();
-    await this.setUrls({
+    await this.setEnvironment(Region.SelfHosted, {
       base: env.base,
       webVault: env.webVault,
       api: env.api,
diff --git a/apps/browser/src/platform/services/browser-messaging-private-mode-background.service.ts b/apps/browser/src/platform/services/browser-messaging-private-mode-background.service.ts
index c2a6f8c5e1..0c7008473b 100644
--- a/apps/browser/src/platform/services/browser-messaging-private-mode-background.service.ts
+++ b/apps/browser/src/platform/services/browser-messaging-private-mode-background.service.ts
@@ -3,6 +3,6 @@ import { MessagingService } from "@bitwarden/common/platform/abstractions/messag
 export default class BrowserMessagingPrivateModeBackgroundService implements MessagingService {
   send(subscriber: string, arg: any = {}) {
     const message = Object.assign({}, { command: subscriber }, arg);
-    (window as any).bitwardenPopupMainMessageListener(message);
+    (self as any).bitwardenPopupMainMessageListener(message);
   }
 }
diff --git a/apps/browser/src/platform/services/browser-messaging-private-mode-popup.service.ts b/apps/browser/src/platform/services/browser-messaging-private-mode-popup.service.ts
index 5572ba1ba4..5883f61197 100644
--- a/apps/browser/src/platform/services/browser-messaging-private-mode-popup.service.ts
+++ b/apps/browser/src/platform/services/browser-messaging-private-mode-popup.service.ts
@@ -3,6 +3,6 @@ import { MessagingService } from "@bitwarden/common/platform/abstractions/messag
 export default class BrowserMessagingPrivateModePopupService implements MessagingService {
   send(subscriber: string, arg: any = {}) {
     const message = Object.assign({}, { command: subscriber }, arg);
-    (window as any).bitwardenBackgroundMessageListener(message);
+    (self as any).bitwardenBackgroundMessageListener(message);
   }
 }
diff --git a/apps/browser/src/platform/services/browser-state.service.spec.ts b/apps/browser/src/platform/services/browser-state.service.spec.ts
index 3069b8f174..7e75b9b707 100644
--- a/apps/browser/src/platform/services/browser-state.service.spec.ts
+++ b/apps/browser/src/platform/services/browser-state.service.spec.ts
@@ -18,7 +18,6 @@ import { UserId } from "@bitwarden/common/types/guid";
 
 import { Account } from "../../models/account";
 import { BrowserComponentState } from "../../models/browserComponentState";
-import { BrowserGroupingsComponentState } from "../../models/browserGroupingsComponentState";
 import { BrowserSendComponentState } from "../../models/browserSendComponentState";
 
 import { BrowserStateService } from "./browser-state.service";
@@ -86,27 +85,6 @@ describe("Browser State Service", () => {
       );
     });
 
-    describe("getBrowserGroupingComponentState", () => {
-      it("should return a BrowserGroupingsComponentState", async () => {
-        state.accounts[userId].groupings = new BrowserGroupingsComponentState();
-
-        const actual = await sut.getBrowserGroupingComponentState();
-        expect(actual).toBeInstanceOf(BrowserGroupingsComponentState);
-      });
-    });
-
-    describe("getBrowserVaultItemsComponentState", () => {
-      it("should return a BrowserComponentState", async () => {
-        const componentState = new BrowserComponentState();
-        componentState.scrollY = 0;
-        componentState.searchText = "test";
-        state.accounts[userId].ciphers = componentState;
-
-        const actual = await sut.getBrowserVaultItemsComponentState();
-        expect(actual).toStrictEqual(componentState);
-      });
-    });
-
     describe("getBrowserSendComponentState", () => {
       it("should return a BrowserSendComponentState", async () => {
         const sendState = new BrowserSendComponentState();
diff --git a/apps/browser/src/platform/services/browser-state.service.ts b/apps/browser/src/platform/services/browser-state.service.ts
index f7ee74be21..ea410ee83a 100644
--- a/apps/browser/src/platform/services/browser-state.service.ts
+++ b/apps/browser/src/platform/services/browser-state.service.ts
@@ -16,7 +16,6 @@ import { StateService as BaseStateService } from "@bitwarden/common/platform/ser
 
 import { Account } from "../../models/account";
 import { BrowserComponentState } from "../../models/browserComponentState";
-import { BrowserGroupingsComponentState } from "../../models/browserGroupingsComponentState";
 import { BrowserSendComponentState } from "../../models/browserSendComponentState";
 import { BrowserApi } from "../browser/browser-api";
 import { browserSession, sessionSync } from "../decorators/session-sync-observable";
@@ -116,50 +115,6 @@ export class BrowserStateService
     );
   }
 
-  async getBrowserGroupingComponentState(
-    options?: StorageOptions,
-  ): Promise<BrowserGroupingsComponentState> {
-    return (
-      await this.getAccount(this.reconcileOptions(options, await this.defaultInMemoryOptions()))
-    )?.groupings;
-  }
-
-  async setBrowserGroupingComponentState(
-    value: BrowserGroupingsComponentState,
-    options?: StorageOptions,
-  ): Promise<void> {
-    const account = await this.getAccount(
-      this.reconcileOptions(options, await this.defaultInMemoryOptions()),
-    );
-    account.groupings = value;
-    await this.saveAccount(
-      account,
-      this.reconcileOptions(options, await this.defaultInMemoryOptions()),
-    );
-  }
-
-  async getBrowserVaultItemsComponentState(
-    options?: StorageOptions,
-  ): Promise<BrowserComponentState> {
-    return (
-      await this.getAccount(this.reconcileOptions(options, await this.defaultInMemoryOptions()))
-    )?.ciphers;
-  }
-
-  async setBrowserVaultItemsComponentState(
-    value: BrowserComponentState,
-    options?: StorageOptions,
-  ): Promise<void> {
-    const account = await this.getAccount(
-      this.reconcileOptions(options, await this.defaultInMemoryOptions()),
-    );
-    account.ciphers = value;
-    await this.saveAccount(
-      account,
-      this.reconcileOptions(options, await this.defaultInMemoryOptions()),
-    );
-  }
-
   async getBrowserSendComponentState(options?: StorageOptions): Promise<BrowserSendComponentState> {
     return (
       await this.getAccount(this.reconcileOptions(options, await this.defaultInMemoryOptions()))
diff --git a/apps/browser/src/platform/services/i18n.service.ts b/apps/browser/src/platform/services/i18n.service.ts
index 334ad8dc6c..a27c3935d7 100644
--- a/apps/browser/src/platform/services/i18n.service.ts
+++ b/apps/browser/src/platform/services/i18n.service.ts
@@ -25,6 +25,7 @@ export default class I18nService extends BaseI18nService {
       "bs",
       "ca",
       "cs",
+      "cy",
       "da",
       "de",
       "el",
@@ -37,6 +38,7 @@ export default class I18nService extends BaseI18nService {
       "fi",
       "fil",
       "fr",
+      "gl",
       "he",
       "hi",
       "hr",
@@ -51,9 +53,13 @@ export default class I18nService extends BaseI18nService {
       "lt",
       "lv",
       "ml",
+      "mr",
+      "my",
       "nb",
+      "ne",
       "nl",
       "nn",
+      "or",
       "pl",
       "pt-BR",
       "pt-PT",
@@ -64,6 +70,7 @@ export default class I18nService extends BaseI18nService {
       "sl",
       "sr",
       "sv",
+      "te",
       "th",
       "tr",
       "uk",
diff --git a/apps/browser/src/platform/services/local-backed-session-storage.service.spec.ts b/apps/browser/src/platform/services/local-backed-session-storage.service.spec.ts
index fff9f2c28f..7740a22071 100644
--- a/apps/browser/src/platform/services/local-backed-session-storage.service.spec.ts
+++ b/apps/browser/src/platform/services/local-backed-session-storage.service.spec.ts
@@ -2,45 +2,70 @@ import { mock, MockProxy } from "jest-mock-extended";
 
 import { EncryptService } from "@bitwarden/common/platform/abstractions/encrypt.service";
 import { KeyGenerationService } from "@bitwarden/common/platform/abstractions/key-generation.service";
+import {
+  AbstractMemoryStorageService,
+  AbstractStorageService,
+  StorageUpdate,
+} from "@bitwarden/common/platform/abstractions/storage.service";
 import { Utils } from "@bitwarden/common/platform/misc/utils";
 import { EncString } from "@bitwarden/common/platform/models/domain/enc-string";
 import { SymmetricCryptoKey } from "@bitwarden/common/platform/models/domain/symmetric-crypto-key";
 
-import BrowserLocalStorageService from "./browser-local-storage.service";
-import BrowserMemoryStorageService from "./browser-memory-storage.service";
 import { LocalBackedSessionStorageService } from "./local-backed-session-storage.service";
 
-describe("Browser Session Storage Service", () => {
+describe("LocalBackedSessionStorage", () => {
   let encryptService: MockProxy<EncryptService>;
   let keyGenerationService: MockProxy<KeyGenerationService>;
+  let localStorageService: MockProxy<AbstractStorageService>;
+  let sessionStorageService: MockProxy<AbstractMemoryStorageService>;
 
   let cache: Map<string, any>;
   const testObj = { a: 1, b: 2 };
 
-  let localStorage: BrowserLocalStorageService;
-  let sessionStorage: BrowserMemoryStorageService;
-
   const key = new SymmetricCryptoKey(Utils.fromUtf8ToArray("00000000000000000000000000000000"));
   let getSessionKeySpy: jest.SpyInstance;
+  let sendUpdateSpy: jest.SpyInstance<void, [storageUpdate: StorageUpdate]>;
   const mockEnc = (input: string) => Promise.resolve(new EncString("ENCRYPTED" + input));
 
   let sut: LocalBackedSessionStorageService;
 
+  const mockExistingSessionKey = (key: SymmetricCryptoKey) => {
+    sessionStorageService.get.mockImplementation((storageKey) => {
+      if (storageKey === "localEncryptionKey_test") {
+        return Promise.resolve(key?.toJSON());
+      }
+
+      return Promise.reject("No implementation for " + storageKey);
+    });
+  };
+
   beforeEach(() => {
     encryptService = mock<EncryptService>();
     keyGenerationService = mock<KeyGenerationService>();
+    localStorageService = mock<AbstractStorageService>();
+    sessionStorageService = mock<AbstractMemoryStorageService>();
 
-    sut = new LocalBackedSessionStorageService(encryptService, keyGenerationService);
+    sut = new LocalBackedSessionStorageService(
+      encryptService,
+      keyGenerationService,
+      localStorageService,
+      sessionStorageService,
+      "test",
+    );
 
     cache = sut["cache"];
-    localStorage = sut["localStorage"];
-    sessionStorage = sut["sessionStorage"];
+
+    keyGenerationService.createKeyWithPurpose.mockResolvedValue({
+      derivedKey: key,
+      salt: "bitwarden-ephemeral",
+      material: null, // Not used
+    });
+
     getSessionKeySpy = jest.spyOn(sut, "getSessionEncKey");
     getSessionKeySpy.mockResolvedValue(key);
-  });
 
-  it("should exist", () => {
-    expect(sut).toBeInstanceOf(LocalBackedSessionStorageService);
+    sendUpdateSpy = jest.spyOn(sut, "sendUpdate");
+    sendUpdateSpy.mockReturnValue();
   });
 
   describe("get", () => {
@@ -54,7 +79,7 @@ describe("Browser Session Storage Service", () => {
       const session = { test: testObj };
 
       beforeEach(() => {
-        jest.spyOn(sut, "getSessionEncKey").mockResolvedValue(key);
+        mockExistingSessionKey(key);
       });
 
       describe("no session retrieved", () => {
@@ -62,6 +87,7 @@ describe("Browser Session Storage Service", () => {
         let spy: jest.SpyInstance;
         beforeEach(async () => {
           spy = jest.spyOn(sut, "getLocalSession").mockResolvedValue(null);
+          localStorageService.get.mockResolvedValue(null);
           result = await sut.get("test");
         });
 
@@ -123,31 +149,31 @@ describe("Browser Session Storage Service", () => {
 
   describe("remove", () => {
     it("should save null", async () => {
-      const spy = jest.spyOn(sut, "save");
-      spy.mockResolvedValue(null);
       await sut.remove("test");
-      expect(spy).toHaveBeenCalledWith("test", null);
+      expect(sendUpdateSpy).toHaveBeenCalledWith({ key: "test", updateType: "remove" });
     });
   });
 
   describe("save", () => {
     describe("caching", () => {
       beforeEach(() => {
-        jest.spyOn(localStorage, "get").mockResolvedValue(null);
-        jest.spyOn(sessionStorage, "get").mockResolvedValue(null);
-        jest.spyOn(localStorage, "save").mockResolvedValue();
-        jest.spyOn(sessionStorage, "save").mockResolvedValue();
+        localStorageService.get.mockResolvedValue(null);
+        sessionStorageService.get.mockResolvedValue(null);
+
+        localStorageService.save.mockResolvedValue();
+        sessionStorageService.save.mockResolvedValue();
 
         encryptService.encrypt.mockResolvedValue(mockEnc("{}"));
       });
 
       it("should remove key from cache if value is null", async () => {
         cache.set("test", {});
-        const deleteSpy = jest.spyOn(cache, "delete");
+        const cacheSetSpy = jest.spyOn(cache, "set");
         expect(cache.has("test")).toBe(true);
         await sut.save("test", null);
-        expect(cache.has("test")).toBe(false);
-        expect(deleteSpy).toHaveBeenCalledWith("test");
+        // Don't remove from cache, just replace with null
+        expect(cache.get("test")).toBe(null);
+        expect(cacheSetSpy).toHaveBeenCalledWith("test", null);
       });
 
       it("should set cache if value is non-null", async () => {
@@ -197,7 +223,7 @@ describe("Browser Session Storage Service", () => {
     });
 
     it("should return the stored symmetric crypto key", async () => {
-      jest.spyOn(sessionStorage, "get").mockResolvedValue({ ...key });
+      sessionStorageService.get.mockResolvedValue({ ...key });
       const result = await sut.getSessionEncKey();
 
       expect(result).toStrictEqual(key);
@@ -205,7 +231,6 @@ describe("Browser Session Storage Service", () => {
 
     describe("new key creation", () => {
       beforeEach(() => {
-        jest.spyOn(sessionStorage, "get").mockResolvedValue(null);
         keyGenerationService.createKeyWithPurpose.mockResolvedValue({
           salt: "salt",
           material: null,
@@ -218,25 +243,24 @@ describe("Browser Session Storage Service", () => {
         const result = await sut.getSessionEncKey();
 
         expect(result).toStrictEqual(key);
-        expect(keyGenerationService.createKeyWithPurpose).toBeCalledTimes(1);
+        expect(keyGenerationService.createKeyWithPurpose).toHaveBeenCalledTimes(1);
       });
 
       it("should store a symmetric crypto key if it makes one", async () => {
         const spy = jest.spyOn(sut, "setSessionEncKey").mockResolvedValue();
         await sut.getSessionEncKey();
 
-        expect(spy).toBeCalledWith(key);
+        expect(spy).toHaveBeenCalledWith(key);
       });
     });
   });
 
   describe("getLocalSession", () => {
     it("should return null if session is null", async () => {
-      const spy = jest.spyOn(localStorage, "get").mockResolvedValue(null);
       const result = await sut.getLocalSession(key);
 
       expect(result).toBeNull();
-      expect(spy).toBeCalledWith("session");
+      expect(localStorageService.get).toHaveBeenCalledWith("session_test");
     });
 
     describe("non-null sessions", () => {
@@ -245,7 +269,7 @@ describe("Browser Session Storage Service", () => {
       const decryptedSession = JSON.stringify(session);
 
       beforeEach(() => {
-        jest.spyOn(localStorage, "get").mockResolvedValue(encSession.encryptedString);
+        localStorageService.get.mockResolvedValue(encSession.encryptedString);
       });
 
       it("should decrypt returned sessions", async () => {
@@ -267,13 +291,12 @@ describe("Browser Session Storage Service", () => {
       it("should remove state if decryption fails", async () => {
         encryptService.decryptToUtf8.mockResolvedValue(null);
         const setSessionEncKeySpy = jest.spyOn(sut, "setSessionEncKey").mockResolvedValue();
-        const removeLocalSessionSpy = jest.spyOn(localStorage, "remove").mockResolvedValue();
 
         const result = await sut.getLocalSession(key);
 
         expect(result).toBeNull();
         expect(setSessionEncKeySpy).toHaveBeenCalledWith(null);
-        expect(removeLocalSessionSpy).toHaveBeenCalledWith("session");
+        expect(localStorageService.remove).toHaveBeenCalledWith("session_test");
       });
     });
   });
@@ -284,7 +307,7 @@ describe("Browser Session Storage Service", () => {
 
     it("should encrypt a stringified session", async () => {
       encryptService.encrypt.mockImplementation(mockEnc);
-      jest.spyOn(localStorage, "save").mockResolvedValue();
+      localStorageService.save.mockResolvedValue();
       await sut.setLocalSession(testSession, key);
 
       expect(encryptService.encrypt).toHaveBeenNthCalledWith(1, testJSON, key);
@@ -292,32 +315,31 @@ describe("Browser Session Storage Service", () => {
 
     it("should remove local session if null", async () => {
       encryptService.encrypt.mockResolvedValue(null);
-      const spy = jest.spyOn(localStorage, "remove").mockResolvedValue();
       await sut.setLocalSession(null, key);
 
-      expect(spy).toHaveBeenCalledWith("session");
+      expect(localStorageService.remove).toHaveBeenCalledWith("session_test");
     });
 
     it("should save encrypted string", async () => {
       encryptService.encrypt.mockImplementation(mockEnc);
-      const spy = jest.spyOn(localStorage, "save").mockResolvedValue();
       await sut.setLocalSession(testSession, key);
 
-      expect(spy).toHaveBeenCalledWith("session", (await mockEnc(testJSON)).encryptedString);
+      expect(localStorageService.save).toHaveBeenCalledWith(
+        "session_test",
+        (await mockEnc(testJSON)).encryptedString,
+      );
     });
   });
 
   describe("setSessionKey", () => {
     it("should remove if null", async () => {
-      const spy = jest.spyOn(sessionStorage, "remove").mockResolvedValue();
       await sut.setSessionEncKey(null);
-      expect(spy).toHaveBeenCalledWith("localEncryptionKey");
+      expect(sessionStorageService.remove).toHaveBeenCalledWith("localEncryptionKey_test");
     });
 
     it("should save key when not null", async () => {
-      const spy = jest.spyOn(sessionStorage, "save").mockResolvedValue();
       await sut.setSessionEncKey(key);
-      expect(spy).toHaveBeenCalledWith("localEncryptionKey", key);
+      expect(sessionStorageService.save).toHaveBeenCalledWith("localEncryptionKey_test", key);
     });
   });
 });
diff --git a/apps/browser/src/platform/services/local-backed-session-storage.service.ts b/apps/browser/src/platform/services/local-backed-session-storage.service.ts
index b2823ffe4b..3f01e4169e 100644
--- a/apps/browser/src/platform/services/local-backed-session-storage.service.ts
+++ b/apps/browser/src/platform/services/local-backed-session-storage.service.ts
@@ -1,40 +1,60 @@
-import { Subject } from "rxjs";
+import { Observable, Subject, filter, map, merge, share, tap } from "rxjs";
 import { Jsonify } from "type-fest";
 
 import { EncryptService } from "@bitwarden/common/platform/abstractions/encrypt.service";
 import { KeyGenerationService } from "@bitwarden/common/platform/abstractions/key-generation.service";
 import {
   AbstractMemoryStorageService,
+  AbstractStorageService,
+  ObservableStorageService,
   StorageUpdate,
 } from "@bitwarden/common/platform/abstractions/storage.service";
 import { EncString } from "@bitwarden/common/platform/models/domain/enc-string";
 import { MemoryStorageOptions } from "@bitwarden/common/platform/models/domain/storage-options";
 import { SymmetricCryptoKey } from "@bitwarden/common/platform/models/domain/symmetric-crypto-key";
 
+import { fromChromeEvent } from "../browser/from-chrome-event";
 import { devFlag } from "../decorators/dev-flag.decorator";
 import { devFlagEnabled } from "../flags";
 
-import BrowserLocalStorageService from "./browser-local-storage.service";
-import BrowserMemoryStorageService from "./browser-memory-storage.service";
-
-const keys = {
-  encKey: "localEncryptionKey",
-  sessionKey: "session",
-};
-
-export class LocalBackedSessionStorageService extends AbstractMemoryStorageService {
+export class LocalBackedSessionStorageService
+  extends AbstractMemoryStorageService
+  implements ObservableStorageService
+{
   private cache = new Map<string, unknown>();
-  private localStorage = new BrowserLocalStorageService();
-  private sessionStorage = new BrowserMemoryStorageService();
   private updatesSubject = new Subject<StorageUpdate>();
-  updates$;
+
+  private commandName = `localBackedSessionStorage_${this.name}`;
+  private encKey = `localEncryptionKey_${this.name}`;
+  private sessionKey = `session_${this.name}`;
+
+  updates$: Observable<StorageUpdate>;
 
   constructor(
     private encryptService: EncryptService,
     private keyGenerationService: KeyGenerationService,
+    private localStorage: AbstractStorageService,
+    private sessionStorage: AbstractStorageService,
+    private name: string,
   ) {
     super();
-    this.updates$ = this.updatesSubject.asObservable();
+
+    const remoteObservable = fromChromeEvent(chrome.runtime.onMessage).pipe(
+      filter(([msg]) => msg.command === this.commandName),
+      map(([msg]) => msg.update as StorageUpdate),
+      tap((update) => {
+        if (update.updateType === "remove") {
+          this.cache.set(update.key, null);
+        } else {
+          this.cache.delete(update.key);
+        }
+      }),
+      share(),
+    );
+
+    remoteObservable.subscribe();
+
+    this.updates$ = merge(this.updatesSubject.asObservable(), remoteObservable);
   }
 
   get valuesRequireDeserialization(): boolean {
@@ -70,23 +90,37 @@ export class LocalBackedSessionStorageService extends AbstractMemoryStorageServi
 
   async save<T>(key: string, obj: T): Promise<void> {
     if (obj == null) {
-      this.cache.delete(key);
-    } else {
-      this.cache.set(key, obj);
+      return await this.remove(key);
     }
 
+    this.cache.set(key, obj);
+    await this.updateLocalSessionValue(key, obj);
+    this.sendUpdate({ key, updateType: "save" });
+  }
+
+  async remove(key: string): Promise<void> {
+    this.cache.set(key, null);
+    await this.updateLocalSessionValue(key, null);
+    this.sendUpdate({ key, updateType: "remove" });
+  }
+
+  sendUpdate(storageUpdate: StorageUpdate) {
+    this.updatesSubject.next(storageUpdate);
+    void chrome.runtime.sendMessage({
+      command: this.commandName,
+      update: storageUpdate,
+    });
+  }
+
+  private async updateLocalSessionValue<T>(key: string, obj: T) {
     const sessionEncKey = await this.getSessionEncKey();
     const localSession = (await this.getLocalSession(sessionEncKey)) ?? {};
     localSession[key] = obj;
     await this.setLocalSession(localSession, sessionEncKey);
   }
 
-  async remove(key: string): Promise<void> {
-    await this.save(key, null);
-  }
-
   async getLocalSession(encKey: SymmetricCryptoKey): Promise<Record<string, unknown>> {
-    const local = await this.localStorage.get<string>(keys.sessionKey);
+    const local = await this.localStorage.get<string>(this.sessionKey);
 
     if (local == null) {
       return null;
@@ -100,7 +134,7 @@ export class LocalBackedSessionStorageService extends AbstractMemoryStorageServi
     if (sessionJson == null) {
       // Error with decryption -- session is lost, delete state and key and start over
       await this.setSessionEncKey(null);
-      await this.localStorage.remove(keys.sessionKey);
+      await this.localStorage.remove(this.sessionKey);
       return null;
     }
     return JSON.parse(sessionJson);
@@ -119,9 +153,9 @@ export class LocalBackedSessionStorageService extends AbstractMemoryStorageServi
     // Make sure we're storing the jsonified version of the session
     const jsonSession = JSON.parse(JSON.stringify(session));
     if (session == null) {
-      await this.localStorage.remove(keys.sessionKey);
+      await this.localStorage.remove(this.sessionKey);
     } else {
-      await this.localStorage.save(keys.sessionKey, jsonSession);
+      await this.localStorage.save(this.sessionKey, jsonSession);
     }
   }
 
@@ -130,13 +164,13 @@ export class LocalBackedSessionStorageService extends AbstractMemoryStorageServi
     const encSession = await this.encryptService.encrypt(jsonSession, key);
 
     if (encSession == null) {
-      return await this.localStorage.remove(keys.sessionKey);
+      return await this.localStorage.remove(this.sessionKey);
     }
-    await this.localStorage.save(keys.sessionKey, encSession.encryptedString);
+    await this.localStorage.save(this.sessionKey, encSession.encryptedString);
   }
 
   async getSessionEncKey(): Promise<SymmetricCryptoKey> {
-    let storedKey = await this.sessionStorage.get<SymmetricCryptoKey>(keys.encKey);
+    let storedKey = await this.sessionStorage.get<SymmetricCryptoKey>(this.encKey);
     if (storedKey == null || Object.keys(storedKey).length == 0) {
       const generatedKey = await this.keyGenerationService.createKeyWithPurpose(
         128,
@@ -153,9 +187,9 @@ export class LocalBackedSessionStorageService extends AbstractMemoryStorageServi
 
   async setSessionEncKey(input: SymmetricCryptoKey): Promise<void> {
     if (input == null) {
-      await this.sessionStorage.remove(keys.encKey);
+      await this.sessionStorage.remove(this.encKey);
     } else {
-      await this.sessionStorage.save(keys.encKey, input);
+      await this.sessionStorage.save(this.encKey, input);
     }
   }
 }
diff --git a/apps/browser/src/popup/app.component.ts b/apps/browser/src/popup/app.component.ts
index 7f2d8f682a..68e519c406 100644
--- a/apps/browser/src/popup/app.component.ts
+++ b/apps/browser/src/popup/app.component.ts
@@ -13,6 +13,7 @@ import { BrowserApi } from "../platform/browser/browser-api";
 import { ZonedMessageListenerService } from "../platform/browser/zoned-message-listener.service";
 import { BrowserStateService } from "../platform/services/abstractions/browser-state.service";
 import { ForegroundPlatformUtilsService } from "../platform/services/platform-utils/foreground-platform-utils.service";
+import { VaultBrowserStateService } from "../vault/services/vault-browser-state.service";
 
 import { routerTransition } from "./app-routing.animations";
 import { DesktopSyncVerificationDialogComponent } from "./components/desktop-sync-verification-dialog.component";
@@ -38,6 +39,7 @@ export class AppComponent implements OnInit, OnDestroy {
     private i18nService: I18nService,
     private router: Router,
     private stateService: BrowserStateService,
+    private vaultBrowserStateService: VaultBrowserStateService,
     private cipherService: CipherService,
     private changeDetectorRef: ChangeDetectorRef,
     private ngZone: NgZone,
@@ -142,7 +144,7 @@ export class AppComponent implements OnInit, OnDestroy {
       }
     };
 
-    (window as any).bitwardenPopupMainMessageListener = bitwardenPopupMainMessageListener;
+    (self as any).bitwardenPopupMainMessageListener = bitwardenPopupMainMessageListener;
     this.browserMessagingApi.messageListener("app.component", bitwardenPopupMainMessageListener);
 
     // eslint-disable-next-line rxjs/no-async-subscribe
@@ -229,8 +231,8 @@ export class AppComponent implements OnInit, OnDestroy {
     }
 
     await Promise.all([
-      this.stateService.setBrowserGroupingComponentState(null),
-      this.stateService.setBrowserVaultItemsComponentState(null),
+      this.vaultBrowserStateService.setBrowserGroupingsComponentState(null),
+      this.vaultBrowserStateService.setBrowserVaultItemsComponentState(null),
       this.stateService.setBrowserSendComponentState(null),
       this.stateService.setBrowserSendTypeComponentState(null),
     ]);
diff --git a/apps/browser/src/popup/app.module.ts b/apps/browser/src/popup/app.module.ts
index e438f2588b..d179868448 100644
--- a/apps/browser/src/popup/app.module.ts
+++ b/apps/browser/src/popup/app.module.ts
@@ -16,6 +16,7 @@ import { JslibModule } from "@bitwarden/angular/jslib.module";
 import { ColorPasswordCountPipe } from "@bitwarden/angular/pipes/color-password-count.pipe";
 import { ColorPasswordPipe } from "@bitwarden/angular/pipes/color-password.pipe";
 import { AvatarModule, ButtonModule } from "@bitwarden/components";
+import { ExportScopeCalloutComponent } from "@bitwarden/vault-export-ui";
 
 import { AccountSwitcherComponent } from "../auth/popup/account-switching/account-switcher.component";
 import { AccountComponent } from "../auth/popup/account-switching/account.component";
@@ -107,6 +108,7 @@ import "../platform/popup/locales";
     AvatarModule,
     AccountComponent,
     ButtonModule,
+    ExportScopeCalloutComponent,
   ],
   declarations: [
     ActionButtonsComponent,
diff --git a/apps/browser/src/popup/scss/base.scss b/apps/browser/src/popup/scss/base.scss
index 85983c6391..73da455941 100644
--- a/apps/browser/src/popup/scss/base.scss
+++ b/apps/browser/src/popup/scss/base.scss
@@ -17,6 +17,8 @@ body {
 body {
   width: 375px !important;
   height: 600px !important;
+  position: relative;
+  min-height: 100vh;
   overflow: hidden;
   color: $text-color;
   background-color: $background-color;
@@ -169,7 +171,7 @@ cdk-virtual-scroll-viewport::-webkit-scrollbar-thumb,
   }
 }
 
-header:not(bit-callout header) {
+header:not(bit-callout header, bit-dialog header) {
   height: 44px;
   display: flex;
 
diff --git a/apps/browser/src/popup/services/init.service.ts b/apps/browser/src/popup/services/init.service.ts
index b0e80ab960..4036ace31f 100644
--- a/apps/browser/src/popup/services/init.service.ts
+++ b/apps/browser/src/popup/services/init.service.ts
@@ -5,7 +5,6 @@ import { AbstractThemingService } from "@bitwarden/angular/platform/services/the
 import { I18nService } from "@bitwarden/common/platform/abstractions/i18n.service";
 import { LogService as LogServiceAbstraction } from "@bitwarden/common/platform/abstractions/log.service";
 import { PlatformUtilsService } from "@bitwarden/common/platform/abstractions/platform-utils.service";
-import { ConfigService } from "@bitwarden/common/platform/services/config/config.service";
 
 import { BrowserApi } from "../../platform/browser/browser-api";
 import BrowserPopupUtils from "../../platform/popup/browser-popup-utils";
@@ -19,7 +18,6 @@ export class InitService {
     private stateService: StateServiceAbstraction,
     private logService: LogServiceAbstraction,
     private themingService: AbstractThemingService,
-    private configService: ConfigService,
     @Inject(DOCUMENT) private document: Document,
   ) {}
 
@@ -55,7 +53,6 @@ export class InitService {
         this.logService.info("Force redraw is on");
       }
 
-      this.configService.init();
       this.setupVaultPopupHeartbeat();
     };
   }
diff --git a/apps/browser/src/popup/services/popup-search.service.ts b/apps/browser/src/popup/services/popup-search.service.ts
index 7eea1265a2..bc5e565e6c 100644
--- a/apps/browser/src/popup/services/popup-search.service.ts
+++ b/apps/browser/src/popup/services/popup-search.service.ts
@@ -1,14 +1,14 @@
 import { I18nService } from "@bitwarden/common/platform/abstractions/i18n.service";
-import { ConsoleLogService } from "@bitwarden/common/platform/services/console-log.service";
+import { LogService } from "@bitwarden/common/platform/abstractions/log.service";
 import { SearchService } from "@bitwarden/common/services/search.service";
 
 export class PopupSearchService extends SearchService {
   constructor(
     private mainSearchService: SearchService,
-    consoleLogService: ConsoleLogService,
+    logService: LogService,
     i18nService: I18nService,
   ) {
-    super(consoleLogService, i18nService);
+    super(logService, i18nService);
   }
 
   clearIndex() {
diff --git a/apps/browser/src/popup/services/services.module.ts b/apps/browser/src/popup/services/services.module.ts
index 52de0303fa..6d0f73f206 100644
--- a/apps/browser/src/popup/services/services.module.ts
+++ b/apps/browser/src/popup/services/services.module.ts
@@ -1,22 +1,24 @@
 import { APP_INITIALIZER, NgModule, NgZone } from "@angular/core";
 import { DomSanitizer } from "@angular/platform-browser";
+import { Router } from "@angular/router";
 import { ToastrService } from "ngx-toastr";
 
 import { UnauthGuard as BaseUnauthGuardService } from "@bitwarden/angular/auth/guards";
 import { AngularThemingService } from "@bitwarden/angular/platform/services/theming/angular-theming.service";
+import { SafeProvider, safeProvider } from "@bitwarden/angular/platform/utils/safe-provider";
 import {
   MEMORY_STORAGE,
   SECURE_STORAGE,
   OBSERVABLE_DISK_STORAGE,
   OBSERVABLE_MEMORY_STORAGE,
   SYSTEM_THEME_OBSERVABLE,
+  SafeInjectionToken,
 } from "@bitwarden/angular/services/injection-tokens";
 import { JslibServicesModule } from "@bitwarden/angular/services/jslib-services.module";
 import {
   AuthRequestServiceAbstraction,
   LoginStrategyServiceAbstraction,
 } from "@bitwarden/auth/common";
-import { ApiService } from "@bitwarden/common/abstractions/api.service";
 import { NotificationsService } from "@bitwarden/common/abstractions/notifications.service";
 import { SearchService as SearchServiceAbstraction } from "@bitwarden/common/abstractions/search.service";
 import { VaultTimeoutSettingsService } from "@bitwarden/common/abstractions/vault-timeout/vault-timeout-settings.service";
@@ -28,13 +30,11 @@ import { AuthService as AuthServiceAbstraction } from "@bitwarden/common/auth/ab
 import { DeviceTrustCryptoServiceAbstraction } from "@bitwarden/common/auth/abstractions/device-trust-crypto.service.abstraction";
 import { DevicesServiceAbstraction } from "@bitwarden/common/auth/abstractions/devices/devices.service.abstraction";
 import { KeyConnectorService } from "@bitwarden/common/auth/abstractions/key-connector.service";
-import { LoginService as LoginServiceAbstraction } from "@bitwarden/common/auth/abstractions/login.service";
 import { SsoLoginServiceAbstraction } from "@bitwarden/common/auth/abstractions/sso-login.service.abstraction";
 import { TokenService } from "@bitwarden/common/auth/abstractions/token.service";
 import { TwoFactorService } from "@bitwarden/common/auth/abstractions/two-factor.service";
 import { UserVerificationService } from "@bitwarden/common/auth/abstractions/user-verification/user-verification.service.abstraction";
 import { AuthService } from "@bitwarden/common/auth/services/auth.service";
-import { LoginService } from "@bitwarden/common/auth/services/login.service";
 import {
   AutofillSettingsService,
   AutofillSettingsServiceAbstraction,
@@ -47,19 +47,13 @@ import {
   UserNotificationSettingsService,
   UserNotificationSettingsServiceAbstraction,
 } from "@bitwarden/common/autofill/services/user-notification-settings.service";
-import { ConfigApiServiceAbstraction } from "@bitwarden/common/platform/abstractions/config/config-api.service.abstraction";
 import { CryptoFunctionService } from "@bitwarden/common/platform/abstractions/crypto-function.service";
 import { CryptoService } from "@bitwarden/common/platform/abstractions/crypto.service";
 import { EncryptService } from "@bitwarden/common/platform/abstractions/encrypt.service";
 import { EnvironmentService } from "@bitwarden/common/platform/abstractions/environment.service";
 import { FileDownloadService } from "@bitwarden/common/platform/abstractions/file-download/file-download.service";
-import { FileUploadService } from "@bitwarden/common/platform/abstractions/file-upload/file-upload.service";
 import { I18nService as I18nServiceAbstraction } from "@bitwarden/common/platform/abstractions/i18n.service";
-import { KeyGenerationService } from "@bitwarden/common/platform/abstractions/key-generation.service";
-import {
-  LogService,
-  LogService as LogServiceAbstraction,
-} from "@bitwarden/common/platform/abstractions/log.service";
+import { LogService } from "@bitwarden/common/platform/abstractions/log.service";
 import { MessagingService } from "@bitwarden/common/platform/abstractions/messaging.service";
 import { PlatformUtilsService } from "@bitwarden/common/platform/abstractions/platform-utils.service";
 import { StateService as BaseStateServiceAbstraction } from "@bitwarden/common/platform/abstractions/state.service";
@@ -69,7 +63,6 @@ import {
 } from "@bitwarden/common/platform/abstractions/storage.service";
 import { StateFactory } from "@bitwarden/common/platform/factories/state-factory";
 import { GlobalState } from "@bitwarden/common/platform/models/domain/global-state";
-import { ConfigService } from "@bitwarden/common/platform/services/config/config.service";
 import { ConsoleLogService } from "@bitwarden/common/platform/services/console-log.service";
 import { ContainerService } from "@bitwarden/common/platform/services/container.service";
 import { MigrationRunner } from "@bitwarden/common/platform/services/migration-runner";
@@ -82,13 +75,6 @@ import {
 import { SearchService } from "@bitwarden/common/services/search.service";
 import { PasswordGenerationServiceAbstraction } from "@bitwarden/common/tools/generator/password";
 import { UsernameGenerationServiceAbstraction } from "@bitwarden/common/tools/generator/username";
-import { PasswordStrengthServiceAbstraction } from "@bitwarden/common/tools/password-strength";
-import { SendApiService } from "@bitwarden/common/tools/send/services/send-api.service";
-import { SendApiService as SendApiServiceAbstraction } from "@bitwarden/common/tools/send/services/send-api.service.abstraction";
-import {
-  InternalSendService as InternalSendServiceAbstraction,
-  SendService,
-} from "@bitwarden/common/tools/send/services/send.service.abstraction";
 import { CipherService } from "@bitwarden/common/vault/abstractions/cipher.service";
 import { CollectionService } from "@bitwarden/common/vault/abstractions/collection.service";
 import { CipherFileUploadService } from "@bitwarden/common/vault/abstractions/file-upload/cipher-file-upload.service";
@@ -96,7 +82,6 @@ import { FolderService as FolderServiceAbstraction } from "@bitwarden/common/vau
 import { SyncService } from "@bitwarden/common/vault/abstractions/sync/sync.service.abstraction";
 import { TotpService } from "@bitwarden/common/vault/abstractions/totp.service";
 import { DialogService } from "@bitwarden/components";
-import { ImportServiceAbstraction } from "@bitwarden/importer/core";
 import { VaultExportServiceAbstraction } from "@bitwarden/vault-export-core";
 
 import { UnauthGuardService } from "../../auth/popup/services";
@@ -105,10 +90,9 @@ import MainBackground from "../../background/main.background";
 import { Account } from "../../models/account";
 import { BrowserApi } from "../../platform/browser/browser-api";
 import BrowserPopupUtils from "../../platform/popup/browser-popup-utils";
+import { BrowserFileDownloadService } from "../../platform/popup/services/browser-file-download.service";
 import { BrowserStateService as StateServiceAbstraction } from "../../platform/services/abstractions/browser-state.service";
-import { BrowserConfigService } from "../../platform/services/browser-config.service";
 import { BrowserEnvironmentService } from "../../platform/services/browser-environment.service";
-import { BrowserFileDownloadService } from "../../platform/services/browser-file-download.service";
 import BrowserLocalStorageService from "../../platform/services/browser-local-storage.service";
 import BrowserMessagingPrivateModePopupService from "../../platform/services/browser-messaging-private-mode-popup.service";
 import BrowserMessagingService from "../../platform/services/browser-messaging.service";
@@ -117,8 +101,8 @@ import I18nService from "../../platform/services/i18n.service";
 import { ForegroundPlatformUtilsService } from "../../platform/services/platform-utils/foreground-platform-utils.service";
 import { ForegroundDerivedStateProvider } from "../../platform/state/foreground-derived-state.provider";
 import { ForegroundMemoryStorageService } from "../../platform/storage/foreground-memory-storage.service";
-import { BrowserSendService } from "../../services/browser-send.service";
 import { FilePopoutUtilsService } from "../../tools/popup/services/file-popout-utils.service";
+import { VaultBrowserStateService } from "../../vault/services/vault-browser-state.service";
 import { VaultFilterService } from "../../vault/services/vault-filter.service";
 
 import { DebounceNavigationService } from "./debounce-navigation.service";
@@ -147,376 +131,353 @@ function getBgService<T>(service: keyof MainBackground) {
   };
 }
 
+/**
+ * Provider definitions used in the ngModule.
+ * Add your provider definition here using the safeProvider function as a wrapper. This will give you type safety.
+ * If you need help please ask for it, do NOT change the type of this array.
+ */
+const safeProviders: SafeProvider[] = [
+  safeProvider(InitService),
+  safeProvider(DebounceNavigationService),
+  safeProvider(DialogService),
+  safeProvider(PopupCloseWarningService),
+  safeProvider({
+    provide: APP_INITIALIZER as SafeInjectionToken<() => Promise<void>>,
+    useFactory: (initService: InitService) => initService.init(),
+    deps: [InitService],
+    multi: true,
+  }),
+  safeProvider({
+    provide: BaseUnauthGuardService,
+    useClass: UnauthGuardService,
+    deps: [AuthServiceAbstraction, Router],
+  }),
+  safeProvider({
+    provide: MessagingService,
+    useFactory: () => {
+      return needsBackgroundInit
+        ? new BrowserMessagingPrivateModePopupService()
+        : new BrowserMessagingService();
+    },
+    deps: [],
+  }),
+  safeProvider({
+    provide: TwoFactorService,
+    useFactory: getBgService<TwoFactorService>("twoFactorService"),
+    deps: [],
+  }),
+  safeProvider({
+    provide: AuthServiceAbstraction,
+    useFactory: getBgService<AuthService>("authService"),
+    deps: [],
+  }),
+  safeProvider({
+    provide: LoginStrategyServiceAbstraction,
+    useFactory: getBgService<LoginStrategyServiceAbstraction>("loginStrategyService"),
+    deps: [],
+  }),
+  safeProvider({
+    provide: SsoLoginServiceAbstraction,
+    useFactory: getBgService<SsoLoginServiceAbstraction>("ssoLoginService"),
+    deps: [],
+  }),
+  safeProvider({
+    provide: SearchServiceAbstraction,
+    useFactory: (logService: LogService, i18nService: I18nServiceAbstraction) => {
+      return new PopupSearchService(
+        getBgService<SearchService>("searchService")(),
+        logService,
+        i18nService,
+      );
+    },
+    deps: [LogService, I18nServiceAbstraction],
+  }),
+  safeProvider({
+    provide: CipherFileUploadService,
+    useFactory: getBgService<CipherFileUploadService>("cipherFileUploadService"),
+    deps: [],
+  }),
+  safeProvider({
+    provide: CipherService,
+    useFactory: getBgService<CipherService>("cipherService"),
+    deps: [],
+  }),
+  safeProvider({
+    provide: CryptoFunctionService,
+    useFactory: () => new WebCryptoFunctionService(window),
+    deps: [],
+  }),
+  safeProvider({
+    provide: CollectionService,
+    useFactory: getBgService<CollectionService>("collectionService"),
+    deps: [],
+  }),
+  safeProvider({
+    provide: LogService,
+    useFactory: (platformUtilsService: PlatformUtilsService) =>
+      new ConsoleLogService(platformUtilsService.isDev()),
+    deps: [PlatformUtilsService],
+  }),
+  safeProvider({
+    provide: EnvironmentService,
+    useExisting: BrowserEnvironmentService,
+  }),
+  safeProvider({
+    provide: BrowserEnvironmentService,
+    useClass: BrowserEnvironmentService,
+    deps: [LogService, StateProvider, AccountServiceAbstraction],
+  }),
+  safeProvider({
+    provide: TotpService,
+    useFactory: getBgService<TotpService>("totpService"),
+    deps: [],
+  }),
+  safeProvider({
+    provide: I18nServiceAbstraction,
+    useFactory: (globalStateProvider: GlobalStateProvider) => {
+      return new I18nService(BrowserApi.getUILanguage(), globalStateProvider);
+    },
+    deps: [GlobalStateProvider],
+  }),
+  safeProvider({
+    provide: CryptoService,
+    useFactory: (encryptService: EncryptService) => {
+      const cryptoService = getBgService<CryptoService>("cryptoService")();
+      new ContainerService(cryptoService, encryptService).attachToGlobal(self);
+      return cryptoService;
+    },
+    deps: [EncryptService],
+  }),
+  safeProvider({
+    provide: AuthRequestServiceAbstraction,
+    useFactory: getBgService<AuthRequestServiceAbstraction>("authRequestService"),
+    deps: [],
+  }),
+  safeProvider({
+    provide: DeviceTrustCryptoServiceAbstraction,
+    useFactory: getBgService<DeviceTrustCryptoServiceAbstraction>("deviceTrustCryptoService"),
+    deps: [],
+  }),
+  safeProvider({
+    provide: DevicesServiceAbstraction,
+    useFactory: getBgService<DevicesServiceAbstraction>("devicesService"),
+    deps: [],
+  }),
+  safeProvider({
+    provide: PlatformUtilsService,
+    useExisting: ForegroundPlatformUtilsService,
+  }),
+  safeProvider({
+    provide: ForegroundPlatformUtilsService,
+    useClass: ForegroundPlatformUtilsService,
+    useFactory: (sanitizer: DomSanitizer, toastrService: ToastrService) => {
+      return new ForegroundPlatformUtilsService(
+        sanitizer,
+        toastrService,
+        (clipboardValue: string, clearMs: number) => {
+          void BrowserApi.sendMessage("clearClipboard", { clipboardValue, clearMs });
+        },
+        async () => {
+          const response = await BrowserApi.sendMessageWithResponse<{
+            result: boolean;
+            error: string;
+          }>("biometricUnlock");
+          if (!response.result) {
+            throw response.error;
+          }
+          return response.result;
+        },
+        window,
+      );
+    },
+    deps: [DomSanitizer, ToastrService],
+  }),
+  safeProvider({
+    provide: PasswordGenerationServiceAbstraction,
+    useFactory: getBgService<PasswordGenerationServiceAbstraction>("passwordGenerationService"),
+    deps: [],
+  }),
+  safeProvider({
+    provide: SyncService,
+    useFactory: getBgService<SyncService>("syncService"),
+    deps: [],
+  }),
+  safeProvider({
+    provide: DomainSettingsService,
+    useClass: DefaultDomainSettingsService,
+    deps: [StateProvider],
+  }),
+  safeProvider({
+    provide: AbstractStorageService,
+    useClass: BrowserLocalStorageService,
+    deps: [],
+  }),
+  safeProvider({
+    provide: AutofillService,
+    useFactory: getBgService<AutofillService>("autofillService"),
+    deps: [],
+  }),
+  safeProvider({
+    provide: VaultExportServiceAbstraction,
+    useFactory: getBgService<VaultExportServiceAbstraction>("exportService"),
+    deps: [],
+  }),
+  safeProvider({
+    provide: KeyConnectorService,
+    useFactory: getBgService<KeyConnectorService>("keyConnectorService"),
+    deps: [],
+  }),
+  safeProvider({
+    provide: UserVerificationService,
+    useFactory: getBgService<UserVerificationService>("userVerificationService"),
+    deps: [],
+  }),
+  safeProvider({
+    provide: VaultTimeoutSettingsService,
+    useFactory: getBgService<VaultTimeoutSettingsService>("vaultTimeoutSettingsService"),
+    deps: [],
+  }),
+  safeProvider({
+    provide: VaultTimeoutService,
+    useFactory: getBgService<VaultTimeoutService>("vaultTimeoutService"),
+    deps: [],
+  }),
+  safeProvider({
+    provide: NotificationsService,
+    useFactory: getBgService<NotificationsService>("notificationsService"),
+    deps: [],
+  }),
+  safeProvider({
+    provide: VaultFilterService,
+    useClass: VaultFilterService,
+    deps: [
+      OrganizationService,
+      FolderServiceAbstraction,
+      CipherService,
+      CollectionService,
+      PolicyService,
+      StateProvider,
+      AccountServiceAbstraction,
+    ],
+  }),
+  safeProvider({
+    provide: SECURE_STORAGE,
+    useExisting: AbstractStorageService, // Secure storage is not available in the browser, so we use normal storage instead and warn users when it is used.
+  }),
+  safeProvider({
+    provide: MEMORY_STORAGE,
+    useFactory: getBgService<AbstractStorageService>("memoryStorageService"),
+    deps: [],
+  }),
+  safeProvider({
+    provide: OBSERVABLE_MEMORY_STORAGE,
+    useClass: ForegroundMemoryStorageService,
+    deps: [],
+  }),
+  safeProvider({
+    provide: OBSERVABLE_DISK_STORAGE,
+    useExisting: AbstractStorageService,
+  }),
+  safeProvider({
+    provide: VaultBrowserStateService,
+    useFactory: (stateProvider: StateProvider) => {
+      return new VaultBrowserStateService(stateProvider);
+    },
+    deps: [StateProvider],
+  }),
+  safeProvider({
+    provide: StateServiceAbstraction,
+    useFactory: (
+      storageService: AbstractStorageService,
+      secureStorageService: AbstractStorageService,
+      memoryStorageService: AbstractMemoryStorageService,
+      logService: LogService,
+      accountService: AccountServiceAbstraction,
+      environmentService: EnvironmentService,
+      tokenService: TokenService,
+      migrationRunner: MigrationRunner,
+    ) => {
+      return new BrowserStateService(
+        storageService,
+        secureStorageService,
+        memoryStorageService,
+        logService,
+        new StateFactory(GlobalState, Account),
+        accountService,
+        environmentService,
+        tokenService,
+        migrationRunner,
+      );
+    },
+    deps: [
+      AbstractStorageService,
+      SECURE_STORAGE,
+      MEMORY_STORAGE,
+      LogService,
+      AccountServiceAbstraction,
+      EnvironmentService,
+      TokenService,
+      MigrationRunner,
+    ],
+  }),
+  safeProvider({
+    provide: UsernameGenerationServiceAbstraction,
+    useFactory: getBgService<UsernameGenerationServiceAbstraction>("usernameGenerationService"),
+    deps: [],
+  }),
+  safeProvider({
+    provide: BaseStateServiceAbstraction,
+    useExisting: StateServiceAbstraction,
+    deps: [],
+  }),
+  safeProvider({
+    provide: FileDownloadService,
+    useClass: BrowserFileDownloadService,
+    deps: [],
+  }),
+  safeProvider({
+    provide: SYSTEM_THEME_OBSERVABLE,
+    useFactory: (platformUtilsService: PlatformUtilsService) => {
+      // Safari doesn't properly handle the (prefers-color-scheme) media query in the popup window, it always returns light.
+      // In Safari, we have to use the background page instead, which comes with limitations like not dynamically changing the extension theme when the system theme is changed.
+      let windowContext = window;
+      const backgroundWindow = BrowserApi.getBackgroundPage();
+      if (platformUtilsService.isSafari() && backgroundWindow) {
+        windowContext = backgroundWindow;
+      }
+
+      return AngularThemingService.createSystemThemeFromWindow(windowContext);
+    },
+    deps: [PlatformUtilsService],
+  }),
+  safeProvider({
+    provide: FilePopoutUtilsService,
+    useFactory: (platformUtilsService: PlatformUtilsService) => {
+      return new FilePopoutUtilsService(platformUtilsService);
+    },
+    deps: [PlatformUtilsService],
+  }),
+  safeProvider({
+    provide: DerivedStateProvider,
+    useClass: ForegroundDerivedStateProvider,
+    deps: [OBSERVABLE_MEMORY_STORAGE, NgZone],
+  }),
+  safeProvider({
+    provide: AutofillSettingsServiceAbstraction,
+    useClass: AutofillSettingsService,
+    deps: [StateProvider, PolicyService],
+  }),
+  safeProvider({
+    provide: UserNotificationSettingsServiceAbstraction,
+    useClass: UserNotificationSettingsService,
+    deps: [StateProvider],
+  }),
+];
+
 @NgModule({
   imports: [JslibServicesModule],
   declarations: [],
-  providers: [
-    InitService,
-    DebounceNavigationService,
-    DialogService,
-    PopupCloseWarningService,
-    {
-      provide: APP_INITIALIZER,
-      useFactory: (initService: InitService) => initService.init(),
-      deps: [InitService],
-      multi: true,
-    },
-    { provide: BaseUnauthGuardService, useClass: UnauthGuardService },
-    {
-      provide: MessagingService,
-      useFactory: () => {
-        return needsBackgroundInit
-          ? new BrowserMessagingPrivateModePopupService()
-          : new BrowserMessagingService();
-      },
-    },
-    {
-      provide: TwoFactorService,
-      useFactory: getBgService<TwoFactorService>("twoFactorService"),
-      deps: [],
-    },
-    {
-      provide: AuthServiceAbstraction,
-      useFactory: getBgService<AuthService>("authService"),
-      deps: [],
-    },
-    {
-      provide: LoginStrategyServiceAbstraction,
-      useFactory: getBgService<LoginStrategyServiceAbstraction>("loginStrategyService"),
-    },
-    {
-      provide: SsoLoginServiceAbstraction,
-      useFactory: getBgService<SsoLoginServiceAbstraction>("ssoLoginService"),
-      deps: [],
-    },
-    {
-      provide: SearchServiceAbstraction,
-      useFactory: (logService: ConsoleLogService, i18nService: I18nServiceAbstraction) => {
-        return new PopupSearchService(
-          getBgService<SearchService>("searchService")(),
-          logService,
-          i18nService,
-        );
-      },
-      deps: [LogServiceAbstraction, I18nServiceAbstraction],
-    },
-    {
-      provide: CipherFileUploadService,
-      useFactory: getBgService<CipherFileUploadService>("cipherFileUploadService"),
-      deps: [],
-    },
-    { provide: CipherService, useFactory: getBgService<CipherService>("cipherService"), deps: [] },
-    {
-      provide: CryptoFunctionService,
-      useFactory: () => new WebCryptoFunctionService(window),
-      deps: [],
-    },
-    {
-      provide: CollectionService,
-      useFactory: getBgService<CollectionService>("collectionService"),
-      deps: [],
-    },
-    {
-      provide: LogServiceAbstraction,
-      useFactory: (platformUtilsService: PlatformUtilsService) =>
-        new ConsoleLogService(platformUtilsService.isDev()),
-      deps: [PlatformUtilsService],
-    },
-    {
-      provide: BrowserEnvironmentService,
-      useExisting: EnvironmentService,
-    },
-    {
-      provide: EnvironmentService,
-      useFactory: getBgService<EnvironmentService>("environmentService"),
-      deps: [],
-    },
-    { provide: TotpService, useFactory: getBgService<TotpService>("totpService"), deps: [] },
-    {
-      provide: I18nServiceAbstraction,
-      useFactory: (globalStateProvider: GlobalStateProvider) => {
-        return new I18nService(BrowserApi.getUILanguage(), globalStateProvider);
-      },
-      deps: [GlobalStateProvider],
-    },
-    {
-      provide: CryptoService,
-      useFactory: (encryptService: EncryptService) => {
-        const cryptoService = getBgService<CryptoService>("cryptoService")();
-        new ContainerService(cryptoService, encryptService).attachToGlobal(self);
-        return cryptoService;
-      },
-      deps: [EncryptService],
-    },
-    {
-      provide: AuthRequestServiceAbstraction,
-      useFactory: getBgService<AuthRequestServiceAbstraction>("authRequestService"),
-      deps: [],
-    },
-    {
-      provide: DeviceTrustCryptoServiceAbstraction,
-      useFactory: getBgService<DeviceTrustCryptoServiceAbstraction>("deviceTrustCryptoService"),
-      deps: [],
-    },
-    {
-      provide: DevicesServiceAbstraction,
-      useFactory: getBgService<DevicesServiceAbstraction>("devicesService"),
-      deps: [],
-    },
-    {
-      provide: PlatformUtilsService,
-      useExisting: ForegroundPlatformUtilsService,
-    },
-    {
-      provide: ForegroundPlatformUtilsService,
-      useClass: ForegroundPlatformUtilsService,
-      useFactory: (sanitizer: DomSanitizer, toastrService: ToastrService) => {
-        return new ForegroundPlatformUtilsService(
-          sanitizer,
-          toastrService,
-          (clipboardValue: string, clearMs: number) => {
-            void BrowserApi.sendMessage("clearClipboard", { clipboardValue, clearMs });
-          },
-          async () => {
-            const response = await BrowserApi.sendMessageWithResponse<{
-              result: boolean;
-              error: string;
-            }>("biometricUnlock");
-            if (!response.result) {
-              throw response.error;
-            }
-            return response.result;
-          },
-          window,
-        );
-      },
-      deps: [DomSanitizer, ToastrService],
-    },
-    {
-      provide: PasswordStrengthServiceAbstraction,
-      useFactory: getBgService<PasswordStrengthServiceAbstraction>("passwordStrengthService"),
-      deps: [],
-    },
-    {
-      provide: PasswordGenerationServiceAbstraction,
-      useFactory: getBgService<PasswordGenerationServiceAbstraction>("passwordGenerationService"),
-      deps: [],
-    },
-    {
-      provide: SendService,
-      useFactory: (
-        cryptoService: CryptoService,
-        i18nService: I18nServiceAbstraction,
-        keyGenerationService: KeyGenerationService,
-        stateServiceAbstraction: StateServiceAbstraction,
-      ) => {
-        return new BrowserSendService(
-          cryptoService,
-          i18nService,
-          keyGenerationService,
-          stateServiceAbstraction,
-        );
-      },
-      deps: [CryptoService, I18nServiceAbstraction, KeyGenerationService, StateServiceAbstraction],
-    },
-    {
-      provide: InternalSendServiceAbstraction,
-      useExisting: SendService,
-    },
-    {
-      provide: SendApiServiceAbstraction,
-      useFactory: (
-        apiService: ApiService,
-        fileUploadService: FileUploadService,
-        sendService: InternalSendServiceAbstraction,
-      ) => {
-        return new SendApiService(apiService, fileUploadService, sendService);
-      },
-      deps: [ApiService, FileUploadService, InternalSendServiceAbstraction],
-    },
-    { provide: SyncService, useFactory: getBgService<SyncService>("syncService"), deps: [] },
-    {
-      provide: DomainSettingsService,
-      useClass: DefaultDomainSettingsService,
-      deps: [StateProvider],
-    },
-    {
-      provide: AbstractStorageService,
-      useClass: BrowserLocalStorageService,
-      deps: [],
-    },
-    {
-      provide: AutofillService,
-      useFactory: getBgService<AutofillService>("autofillService"),
-      deps: [],
-    },
-    {
-      provide: ImportServiceAbstraction,
-      useFactory: getBgService<ImportServiceAbstraction>("importService"),
-      deps: [],
-    },
-    {
-      provide: VaultExportServiceAbstraction,
-      useFactory: getBgService<VaultExportServiceAbstraction>("exportService"),
-      deps: [],
-    },
-    {
-      provide: KeyConnectorService,
-      useFactory: getBgService<KeyConnectorService>("keyConnectorService"),
-      deps: [],
-    },
-    {
-      provide: UserVerificationService,
-      useFactory: getBgService<UserVerificationService>("userVerificationService"),
-      deps: [],
-    },
-    {
-      provide: VaultTimeoutSettingsService,
-      useFactory: getBgService<VaultTimeoutSettingsService>("vaultTimeoutSettingsService"),
-      deps: [],
-    },
-    {
-      provide: VaultTimeoutService,
-      useFactory: getBgService<VaultTimeoutService>("vaultTimeoutService"),
-      deps: [],
-    },
-    {
-      provide: NotificationsService,
-      useFactory: getBgService<NotificationsService>("notificationsService"),
-      deps: [],
-    },
-    {
-      provide: VaultFilterService,
-      useClass: VaultFilterService,
-      deps: [
-        OrganizationService,
-        FolderServiceAbstraction,
-        CipherService,
-        CollectionService,
-        PolicyService,
-        StateProvider,
-        AccountServiceAbstraction,
-      ],
-    },
-    {
-      provide: SECURE_STORAGE,
-      useExisting: AbstractStorageService, // Secure storage is not available in the browser, so we use normal storage instead and warn users when it is used.
-    },
-    {
-      provide: MEMORY_STORAGE,
-      useFactory: getBgService<AbstractStorageService>("memoryStorageService"),
-    },
-    {
-      provide: OBSERVABLE_MEMORY_STORAGE,
-      useClass: ForegroundMemoryStorageService,
-      deps: [],
-    },
-    {
-      provide: OBSERVABLE_DISK_STORAGE,
-      useExisting: AbstractStorageService,
-    },
-    {
-      provide: StateServiceAbstraction,
-      useFactory: (
-        storageService: AbstractStorageService,
-        secureStorageService: AbstractStorageService,
-        memoryStorageService: AbstractMemoryStorageService,
-        logService: LogServiceAbstraction,
-        accountService: AccountServiceAbstraction,
-        environmentService: EnvironmentService,
-        tokenService: TokenService,
-        migrationRunner: MigrationRunner,
-      ) => {
-        return new BrowserStateService(
-          storageService,
-          secureStorageService,
-          memoryStorageService,
-          logService,
-          new StateFactory(GlobalState, Account),
-          accountService,
-          environmentService,
-          tokenService,
-          migrationRunner,
-        );
-      },
-      deps: [
-        AbstractStorageService,
-        SECURE_STORAGE,
-        MEMORY_STORAGE,
-        LogServiceAbstraction,
-        AccountServiceAbstraction,
-        EnvironmentService,
-        TokenService,
-        MigrationRunner,
-      ],
-    },
-    {
-      provide: UsernameGenerationServiceAbstraction,
-      useFactory: getBgService<UsernameGenerationServiceAbstraction>("usernameGenerationService"),
-      deps: [],
-    },
-    {
-      provide: BaseStateServiceAbstraction,
-      useExisting: StateServiceAbstraction,
-      deps: [],
-    },
-    {
-      provide: FileDownloadService,
-      useClass: BrowserFileDownloadService,
-    },
-    {
-      provide: LoginServiceAbstraction,
-      useClass: LoginService,
-      deps: [StateServiceAbstraction],
-    },
-    {
-      provide: SYSTEM_THEME_OBSERVABLE,
-      useFactory: (platformUtilsService: PlatformUtilsService) => {
-        // Safari doesn't properly handle the (prefers-color-scheme) media query in the popup window, it always returns light.
-        // In Safari, we have to use the background page instead, which comes with limitations like not dynamically changing the extension theme when the system theme is changed.
-        let windowContext = window;
-        const backgroundWindow = BrowserApi.getBackgroundPage();
-        if (platformUtilsService.isSafari() && backgroundWindow) {
-          windowContext = backgroundWindow;
-        }
-
-        return AngularThemingService.createSystemThemeFromWindow(windowContext);
-      },
-      deps: [PlatformUtilsService],
-    },
-    {
-      provide: ConfigService,
-      useClass: BrowserConfigService,
-      deps: [
-        StateServiceAbstraction,
-        ConfigApiServiceAbstraction,
-        AuthServiceAbstraction,
-        EnvironmentService,
-        LogService,
-      ],
-    },
-    {
-      provide: FilePopoutUtilsService,
-      useFactory: (platformUtilsService: PlatformUtilsService) => {
-        return new FilePopoutUtilsService(platformUtilsService);
-      },
-      deps: [PlatformUtilsService],
-    },
-    {
-      provide: DerivedStateProvider,
-      useClass: ForegroundDerivedStateProvider,
-      deps: [OBSERVABLE_MEMORY_STORAGE, NgZone],
-    },
-    {
-      provide: AutofillSettingsServiceAbstraction,
-      useClass: AutofillSettingsService,
-      deps: [StateProvider, PolicyService],
-    },
-    {
-      provide: UserNotificationSettingsServiceAbstraction,
-      useClass: UserNotificationSettingsService,
-      deps: [StateProvider],
-    },
-  ],
+  // Do not register your dependency here! Add it to the typesafeProviders array using the helper function
+  providers: safeProviders,
 })
 export class ServicesModule {}
diff --git a/apps/browser/src/popup/settings/about.component.html b/apps/browser/src/popup/settings/about.component.html
index b408617834..a4ad0ba801 100644
--- a/apps/browser/src/popup/settings/about.component.html
+++ b/apps/browser/src/popup/settings/about.component.html
@@ -6,33 +6,33 @@
   <div bitDialogContent>
     <p>&copy; Bitwarden Inc. 2015-{{ year }}</p>
     <p>{{ "version" | i18n }}: {{ version }}</p>
-    <ng-container *ngIf="serverConfig$ | async as serverConfig">
-      <p *ngIf="isCloud">
-        {{ "serverVersion" | i18n }}: {{ this.serverConfig?.version }}
-        <span *ngIf="!serverConfig.isValid()">
-          ({{ "lastSeenOn" | i18n: (serverConfig.utcDate | date: "mediumDate") }})
+    <ng-container *ngIf="data$ | async as data">
+      <p *ngIf="data.isCloud">
+        {{ "serverVersion" | i18n }}: {{ data.serverConfig?.version }}
+        <span *ngIf="!data.serverConfig.isValid()">
+          ({{ "lastSeenOn" | i18n: (data.serverConfig.utcDate | date: "mediumDate") }})
         </span>
       </p>
 
-      <ng-container *ngIf="!isCloud">
-        <ng-container *ngIf="serverConfig.server">
+      <ng-container *ngIf="!data.isCloud">
+        <ng-container *ngIf="data.serverConfig.server">
           <p>
             {{ "serverVersion" | i18n }} <small>({{ "thirdParty" | i18n }})</small>:
-            {{ this.serverConfig?.version }}
-            <span *ngIf="!serverConfig.isValid()">
-              ({{ "lastSeenOn" | i18n: (serverConfig.utcDate | date: "mediumDate") }})
+            {{ data.serverConfig?.version }}
+            <span *ngIf="!data.serverConfig.isValid()">
+              ({{ "lastSeenOn" | i18n: (data.serverConfig.utcDate | date: "mediumDate") }})
             </span>
           </p>
           <div>
-            <small>{{ "thirdPartyServerMessage" | i18n: serverConfig.server?.name }}</small>
+            <small>{{ "thirdPartyServerMessage" | i18n: data.serverConfig.server?.name }}</small>
           </div>
         </ng-container>
 
-        <p *ngIf="!serverConfig.server">
+        <p *ngIf="!data.serverConfig.server">
           {{ "serverVersion" | i18n }} <small>({{ "selfHostedServer" | i18n }})</small>:
-          {{ this.serverConfig?.version }}
-          <span *ngIf="!serverConfig.isValid()">
-            ({{ "lastSeenOn" | i18n: (serverConfig.utcDate | date: "mediumDate") }})
+          {{ data.serverConfig?.version }}
+          <span *ngIf="!data.serverConfig.isValid()">
+            ({{ "lastSeenOn" | i18n: (data.serverConfig.utcDate | date: "mediumDate") }})
           </span>
         </p>
       </ng-container>
diff --git a/apps/browser/src/popup/settings/about.component.ts b/apps/browser/src/popup/settings/about.component.ts
index d6f6f000b6..61b5749b51 100644
--- a/apps/browser/src/popup/settings/about.component.ts
+++ b/apps/browser/src/popup/settings/about.component.ts
@@ -1,10 +1,9 @@
 import { CommonModule } from "@angular/common";
 import { Component } from "@angular/core";
-import { Observable } from "rxjs";
+import { combineLatest, map } from "rxjs";
 
 import { JslibModule } from "@bitwarden/angular/jslib.module";
-import { ConfigServiceAbstraction } from "@bitwarden/common/platform/abstractions/config/config.service.abstraction";
-import { ServerConfig } from "@bitwarden/common/platform/abstractions/config/server-config";
+import { ConfigService } from "@bitwarden/common/platform/abstractions/config/config.service";
 import { EnvironmentService } from "@bitwarden/common/platform/abstractions/environment.service";
 import { ButtonModule, DialogModule } from "@bitwarden/components";
 
@@ -16,14 +15,16 @@ import { BrowserApi } from "../../platform/browser/browser-api";
   imports: [CommonModule, JslibModule, DialogModule, ButtonModule],
 })
 export class AboutComponent {
-  protected serverConfig$: Observable<ServerConfig> = this.configService.serverConfig$;
-
   protected year = new Date().getFullYear();
   protected version = BrowserApi.getApplicationVersion();
-  protected isCloud = this.environmentService.isCloud();
+
+  protected data$ = combineLatest([
+    this.configService.serverConfig$,
+    this.environmentService.environment$.pipe(map((env) => env.isCloud())),
+  ]).pipe(map(([serverConfig, isCloud]) => ({ serverConfig, isCloud })));
 
   constructor(
-    private configService: ConfigServiceAbstraction,
+    private configService: ConfigService,
     private environmentService: EnvironmentService,
   ) {}
 }
diff --git a/apps/browser/src/popup/settings/settings.component.ts b/apps/browser/src/popup/settings/settings.component.ts
index 05f633d424..52e44a2531 100644
--- a/apps/browser/src/popup/settings/settings.component.ts
+++ b/apps/browser/src/popup/settings/settings.component.ts
@@ -446,9 +446,8 @@ export class SettingsComponent implements OnInit {
       type: "info",
     });
     if (confirmed) {
-      // FIXME: Verify that this floating promise is intentional. If it is, add an explanatory comment and ensure there is proper error handling.
-      // eslint-disable-next-line @typescript-eslint/no-floating-promises
-      BrowserApi.createNewTab(this.environmentService.getWebVaultUrl());
+      const env = await firstValueFrom(this.environmentService.environment$);
+      await BrowserApi.createNewTab(env.getWebVaultUrl());
     }
   }
 
@@ -479,10 +478,9 @@ export class SettingsComponent implements OnInit {
   }
 
   async webVault() {
-    const url = this.environmentService.getWebVaultUrl();
-    // FIXME: Verify that this floating promise is intentional. If it is, add an explanatory comment and ensure there is proper error handling.
-    // eslint-disable-next-line @typescript-eslint/no-floating-promises
-    BrowserApi.createNewTab(url);
+    const env = await firstValueFrom(this.environmentService.environment$);
+    const url = env.getWebVaultUrl();
+    await BrowserApi.createNewTab(url);
   }
 
   async import() {
diff --git a/apps/browser/src/services/browser-send.service.ts b/apps/browser/src/services/browser-send.service.ts
deleted file mode 100644
index 8a197444a9..0000000000
--- a/apps/browser/src/services/browser-send.service.ts
+++ /dev/null
@@ -1,15 +0,0 @@
-import { BehaviorSubject } from "rxjs";
-
-import { Send } from "@bitwarden/common/tools/send/models/domain/send";
-import { SendView } from "@bitwarden/common/tools/send/models/view/send.view";
-import { SendService } from "@bitwarden/common/tools/send/services/send.service";
-
-import { browserSession, sessionSync } from "../platform/decorators/session-sync-observable";
-
-@browserSession
-export class BrowserSendService extends SendService {
-  @sessionSync({ initializer: Send.fromJSON, initializeAs: "array" })
-  protected _sends: BehaviorSubject<Send[]>;
-  @sessionSync({ initializer: SendView.fromJSON, initializeAs: "array" })
-  protected _sendViews: BehaviorSubject<SendView[]>;
-}
diff --git a/apps/browser/src/tools/background/fileless-importer.background.spec.ts b/apps/browser/src/tools/background/fileless-importer.background.spec.ts
index d3436099ef..858889b887 100644
--- a/apps/browser/src/tools/background/fileless-importer.background.spec.ts
+++ b/apps/browser/src/tools/background/fileless-importer.background.spec.ts
@@ -4,7 +4,7 @@ import { firstValueFrom } from "rxjs";
 import { PolicyService } from "@bitwarden/common/admin-console/services/policy/policy.service";
 import { AuthenticationStatus } from "@bitwarden/common/auth/enums/authentication-status";
 import { AuthService } from "@bitwarden/common/auth/services/auth.service";
-import { ConfigService } from "@bitwarden/common/platform/services/config/config.service";
+import { ConfigService } from "@bitwarden/common/platform/abstractions/config/config.service";
 import { SyncService } from "@bitwarden/common/vault/abstractions/sync/sync.service.abstraction";
 import { Importer, ImportResult, ImportServiceAbstraction } from "@bitwarden/importer/core";
 
diff --git a/apps/browser/src/tools/background/fileless-importer.background.ts b/apps/browser/src/tools/background/fileless-importer.background.ts
index 3ddc7bd1b7..57c2faa930 100644
--- a/apps/browser/src/tools/background/fileless-importer.background.ts
+++ b/apps/browser/src/tools/background/fileless-importer.background.ts
@@ -5,7 +5,7 @@ import { PolicyType } from "@bitwarden/common/admin-console/enums";
 import { AuthService } from "@bitwarden/common/auth/abstractions/auth.service";
 import { AuthenticationStatus } from "@bitwarden/common/auth/enums/authentication-status";
 import { FeatureFlag } from "@bitwarden/common/enums/feature-flag.enum";
-import { ConfigServiceAbstraction } from "@bitwarden/common/platform/abstractions/config/config.service.abstraction";
+import { ConfigService } from "@bitwarden/common/platform/abstractions/config/config.service";
 import { SyncService } from "@bitwarden/common/vault/abstractions/sync/sync.service.abstraction";
 import { ImportServiceAbstraction } from "@bitwarden/importer/core";
 
@@ -55,7 +55,7 @@ class FilelessImporterBackground implements FilelessImporterBackgroundInterface
    * @param syncService - Used to trigger a full sync after the import is completed.
    */
   constructor(
-    private configService: ConfigServiceAbstraction,
+    private configService: ConfigService,
     private authService: AuthService,
     private policyService: PolicyService,
     private notificationBackground: NotificationBackground,
diff --git a/apps/browser/src/tools/popup/settings/export.component.html b/apps/browser/src/tools/popup/settings/export.component.html
index db072d6b50..aae3584f6c 100644
--- a/apps/browser/src/tools/popup/settings/export.component.html
+++ b/apps/browser/src/tools/popup/settings/export.component.html
@@ -19,7 +19,7 @@
     <app-callout type="warning" title="{{ 'vaultExportDisabled' | i18n }}" *ngIf="disabledByPolicy">
       {{ "personalVaultExportPolicyInEffect" | i18n }}
     </app-callout>
-    <app-export-scope-callout *ngIf="!disabledByPolicy"></app-export-scope-callout>
+    <tools-export-scope-callout *ngIf="!disabledByPolicy"></tools-export-scope-callout>
 
     <div class="box">
       <div class="box-content">
diff --git a/apps/browser/src/tools/popup/settings/export.component.ts b/apps/browser/src/tools/popup/settings/export.component.ts
index 70735b5184..b62ed4c517 100644
--- a/apps/browser/src/tools/popup/settings/export.component.ts
+++ b/apps/browser/src/tools/popup/settings/export.component.ts
@@ -2,7 +2,6 @@ import { Component } from "@angular/core";
 import { UntypedFormBuilder } from "@angular/forms";
 import { Router } from "@angular/router";
 
-import { ExportComponent as BaseExportComponent } from "@bitwarden/angular/tools/export/components/export.component";
 import { EventCollectionService } from "@bitwarden/common/abstractions/event/event-collection.service";
 import { OrganizationService } from "@bitwarden/common/admin-console/abstractions/organization/organization.service.abstraction";
 import { PolicyService } from "@bitwarden/common/admin-console/abstractions/policy/policy.service.abstraction";
@@ -13,6 +12,7 @@ import { LogService } from "@bitwarden/common/platform/abstractions/log.service"
 import { PlatformUtilsService } from "@bitwarden/common/platform/abstractions/platform-utils.service";
 import { DialogService } from "@bitwarden/components";
 import { VaultExportServiceAbstraction } from "@bitwarden/vault-export-core";
+import { ExportComponent as BaseExportComponent } from "@bitwarden/vault-export-ui";
 
 @Component({
   selector: "app-export",
diff --git a/apps/browser/src/vault/fido2/content/content-script.ts b/apps/browser/src/vault/fido2/content/content-script.ts
index e12c592262..c2fc862f55 100644
--- a/apps/browser/src/vault/fido2/content/content-script.ts
+++ b/apps/browser/src/vault/fido2/content/content-script.ts
@@ -138,6 +138,7 @@ async function run() {
   });
 }
 
-// FIXME: Verify that this floating promise is intentional. If it is, add an explanatory comment and ensure there is proper error handling.
-// eslint-disable-next-line @typescript-eslint/no-floating-promises
-run();
+// Only run the script if the document is an HTML document
+if (document.contentType === "text/html") {
+  void run();
+}
diff --git a/apps/browser/src/vault/popup/components/vault/add-edit.component.html b/apps/browser/src/vault/popup/components/vault/add-edit.component.html
index ecdeb9cda7..8ff448b6f7 100644
--- a/apps/browser/src/vault/popup/components/vault/add-edit.component.html
+++ b/apps/browser/src/vault/popup/components/vault/add-edit.component.html
@@ -138,10 +138,20 @@
             attr.aria-label="{{ 'typePasskey' | i18n }} {{ fido2CredentialCreationDateValue }}"
           >
             <div class="box-content">
-              <div class="box-content-row text-muted">
-                <span class="row-label">{{ "typePasskey" | i18n }}</span>
-                {{ "dateCreated" | i18n }}
-                {{ cipher.login.fido2Credentials[0].creationDate | date: "short" }}
+              <div class="box-content-row box-content-row-multi text-muted" appBoxRow>
+                <button
+                  type="button"
+                  appStopClick
+                  (click)="removePasskey()"
+                  appA11yTitle="{{ 'removePasskey' | i18n }}"
+                >
+                  <i class="bwi bwi-fw bwi-minus-circle bwi-lg" aria-hidden="true"></i>
+                </button>
+                <div class="row-main">
+                  <span class="row-label">{{ "typePasskey" | i18n }}</span>
+                  {{ "dateCreated" | i18n }}
+                  {{ cipher.login.fido2Credentials[0].creationDate | date: "short" }}
+                </div>
               </div>
             </div>
           </div>
diff --git a/apps/browser/src/vault/popup/components/vault/add-edit.component.ts b/apps/browser/src/vault/popup/components/vault/add-edit.component.ts
index 054a45f374..a566b054c0 100644
--- a/apps/browser/src/vault/popup/components/vault/add-edit.component.ts
+++ b/apps/browser/src/vault/popup/components/vault/add-edit.component.ts
@@ -11,7 +11,7 @@ import { EventCollectionService } from "@bitwarden/common/abstractions/event/eve
 import { OrganizationService } from "@bitwarden/common/admin-console/abstractions/organization/organization.service.abstraction";
 import { PolicyService } from "@bitwarden/common/admin-console/abstractions/policy/policy.service.abstraction";
 import { AutofillSettingsServiceAbstraction } from "@bitwarden/common/autofill/services/autofill-settings.service";
-import { ConfigServiceAbstraction } from "@bitwarden/common/platform/abstractions/config/config.service.abstraction";
+import { ConfigService } from "@bitwarden/common/platform/abstractions/config/config.service";
 import { I18nService } from "@bitwarden/common/platform/abstractions/i18n.service";
 import { LogService } from "@bitwarden/common/platform/abstractions/log.service";
 import { MessagingService } from "@bitwarden/common/platform/abstractions/messaging.service";
@@ -68,7 +68,7 @@ export class AddEditComponent extends BaseAddEditComponent {
     sendApiService: SendApiService,
     dialogService: DialogService,
     datePipe: DatePipe,
-    configService: ConfigServiceAbstraction,
+    configService: ConfigService,
   ) {
     super(
       cipherService,
diff --git a/apps/browser/src/vault/popup/components/vault/collections.component.ts b/apps/browser/src/vault/popup/components/vault/collections.component.ts
index acbdab3685..c8f85a8b7a 100644
--- a/apps/browser/src/vault/popup/components/vault/collections.component.ts
+++ b/apps/browser/src/vault/popup/components/vault/collections.component.ts
@@ -4,6 +4,7 @@ import { ActivatedRoute } from "@angular/router";
 import { first } from "rxjs/operators";
 
 import { CollectionsComponent as BaseCollectionsComponent } from "@bitwarden/angular/admin-console/components/collections.component";
+import { OrganizationService } from "@bitwarden/common/admin-console/abstractions/organization/organization.service.abstraction";
 import { I18nService } from "@bitwarden/common/platform/abstractions/i18n.service";
 import { LogService } from "@bitwarden/common/platform/abstractions/log.service";
 import { PlatformUtilsService } from "@bitwarden/common/platform/abstractions/platform-utils.service";
@@ -21,11 +22,19 @@ export class CollectionsComponent extends BaseCollectionsComponent {
     platformUtilsService: PlatformUtilsService,
     i18nService: I18nService,
     cipherService: CipherService,
+    organizationService: OrganizationService,
     private route: ActivatedRoute,
     private location: Location,
     logService: LogService,
   ) {
-    super(collectionService, platformUtilsService, i18nService, cipherService, logService);
+    super(
+      collectionService,
+      platformUtilsService,
+      i18nService,
+      cipherService,
+      organizationService,
+      logService,
+    );
   }
 
   async ngOnInit() {
diff --git a/apps/browser/src/vault/popup/components/vault/current-tab.component.ts b/apps/browser/src/vault/popup/components/vault/current-tab.component.ts
index c2817ed50a..d9cf6550fa 100644
--- a/apps/browser/src/vault/popup/components/vault/current-tab.component.ts
+++ b/apps/browser/src/vault/popup/components/vault/current-tab.component.ts
@@ -262,14 +262,6 @@ export class CurrentTabComponent implements OnInit, OnDestroy {
 
     this.hostname = Utils.getHostname(this.url);
     this.pageDetails = [];
-    // FIXME: Verify that this floating promise is intentional. If it is, add an explanatory comment and ensure there is proper error handling.
-    // eslint-disable-next-line @typescript-eslint/no-floating-promises
-    BrowserApi.tabSendMessage(this.tab, {
-      command: "collectPageDetails",
-      tab: this.tab,
-      sender: BroadcasterSubscriptionId,
-    });
-
     const otherTypes: CipherType[] = [];
     const dontShowCards = !(await firstValueFrom(this.vaultSettingsService.showCardsCurrentTab$));
     const dontShowIdentities = !(await firstValueFrom(
@@ -310,9 +302,18 @@ export class CurrentTabComponent implements OnInit, OnDestroy {
       }
     });
 
-    this.loginCiphers = this.loginCiphers.sort((a, b) =>
-      this.cipherService.sortCiphersByLastUsedThenName(a, b),
-    );
+    if (this.loginCiphers.length) {
+      void BrowserApi.tabSendMessage(this.tab, {
+        command: "collectPageDetails",
+        tab: this.tab,
+        sender: BroadcasterSubscriptionId,
+      });
+
+      this.loginCiphers = this.loginCiphers.sort((a, b) =>
+        this.cipherService.sortCiphersByLastUsedThenName(a, b),
+      );
+    }
+
     this.isLoading = this.loaded = true;
   }
 
diff --git a/apps/browser/src/vault/popup/components/vault/vault-filter.component.ts b/apps/browser/src/vault/popup/components/vault/vault-filter.component.ts
index 5e7959b38f..2510e2f966 100644
--- a/apps/browser/src/vault/popup/components/vault/vault-filter.component.ts
+++ b/apps/browser/src/vault/popup/components/vault/vault-filter.component.ts
@@ -20,7 +20,7 @@ import { FolderView } from "@bitwarden/common/vault/models/view/folder.view";
 import { BrowserGroupingsComponentState } from "../../../../models/browserGroupingsComponentState";
 import { BrowserApi } from "../../../../platform/browser/browser-api";
 import BrowserPopupUtils from "../../../../platform/popup/browser-popup-utils";
-import { BrowserStateService } from "../../../../platform/services/abstractions/browser-state.service";
+import { VaultBrowserStateService } from "../../../services/vault-browser-state.service";
 import { VaultFilterService } from "../../../services/vault-filter.service";
 
 const ComponentId = "VaultComponent";
@@ -84,8 +84,8 @@ export class VaultFilterComponent implements OnInit, OnDestroy {
     private platformUtilsService: PlatformUtilsService,
     private searchService: SearchService,
     private location: Location,
-    private browserStateService: BrowserStateService,
     private vaultFilterService: VaultFilterService,
+    private vaultBrowserStateService: VaultBrowserStateService,
   ) {
     this.noFolderListSize = 100;
   }
@@ -95,7 +95,7 @@ export class VaultFilterComponent implements OnInit, OnDestroy {
     this.showLeftHeader = !(
       BrowserPopupUtils.inSidebar(window) && this.platformUtilsService.isFirefox()
     );
-    await this.browserStateService.setBrowserVaultItemsComponentState(null);
+    await this.vaultBrowserStateService.setBrowserVaultItemsComponentState(null);
 
     this.broadcasterService.subscribe(ComponentId, (message: any) => {
       // FIXME: Verify that this floating promise is intentional. If it is, add an explanatory comment and ensure there is proper error handling.
@@ -120,7 +120,7 @@ export class VaultFilterComponent implements OnInit, OnDestroy {
     const restoredScopeState = await this.restoreState();
     // eslint-disable-next-line rxjs-angular/prefer-takeuntil, rxjs/no-async-subscribe
     this.route.queryParams.pipe(first()).subscribe(async (params) => {
-      this.state = await this.browserStateService.getBrowserGroupingComponentState();
+      this.state = await this.vaultBrowserStateService.getBrowserGroupingsComponentState();
       if (this.state?.searchText) {
         this.searchText = this.state.searchText;
       } else if (params.searchText) {
@@ -413,11 +413,11 @@ export class VaultFilterComponent implements OnInit, OnDestroy {
       collections: this.collections,
       deletedCount: this.deletedCount,
     });
-    await this.browserStateService.setBrowserGroupingComponentState(this.state);
+    await this.vaultBrowserStateService.setBrowserGroupingsComponentState(this.state);
   }
 
   private async restoreState(): Promise<boolean> {
-    this.state = await this.browserStateService.getBrowserGroupingComponentState();
+    this.state = await this.vaultBrowserStateService.getBrowserGroupingsComponentState();
     if (this.state == null) {
       return false;
     }
diff --git a/apps/browser/src/vault/popup/components/vault/vault-items.component.ts b/apps/browser/src/vault/popup/components/vault/vault-items.component.ts
index 96d5fe170b..abb810c04d 100644
--- a/apps/browser/src/vault/popup/components/vault/vault-items.component.ts
+++ b/apps/browser/src/vault/popup/components/vault/vault-items.component.ts
@@ -21,7 +21,7 @@ import { FolderView } from "@bitwarden/common/vault/models/view/folder.view";
 import { BrowserComponentState } from "../../../../models/browserComponentState";
 import { BrowserApi } from "../../../../platform/browser/browser-api";
 import BrowserPopupUtils from "../../../../platform/popup/browser-popup-utils";
-import { BrowserStateService } from "../../../../platform/services/abstractions/browser-state.service";
+import { VaultBrowserStateService } from "../../../services/vault-browser-state.service";
 import { VaultFilterService } from "../../../services/vault-filter.service";
 
 const ComponentId = "VaultItemsComponent";
@@ -59,7 +59,7 @@ export class VaultItemsComponent extends BaseVaultItemsComponent implements OnIn
     private ngZone: NgZone,
     private broadcasterService: BroadcasterService,
     private changeDetectorRef: ChangeDetectorRef,
-    private stateService: BrowserStateService,
+    private stateService: VaultBrowserStateService,
     private i18nService: I18nService,
     private collectionService: CollectionService,
     private platformUtilsService: PlatformUtilsService,
diff --git a/apps/browser/src/vault/services/vault-browser-state.service.spec.ts b/apps/browser/src/vault/services/vault-browser-state.service.spec.ts
new file mode 100644
index 0000000000..b9369aa826
--- /dev/null
+++ b/apps/browser/src/vault/services/vault-browser-state.service.spec.ts
@@ -0,0 +1,87 @@
+import {
+  FakeAccountService,
+  mockAccountServiceWith,
+} from "@bitwarden/common/../spec/fake-account-service";
+import { FakeStateProvider } from "@bitwarden/common/../spec/fake-state-provider";
+import { Jsonify } from "type-fest";
+
+import { Utils } from "@bitwarden/common/platform/misc/utils";
+import { UserId } from "@bitwarden/common/types/guid";
+import { CipherType } from "@bitwarden/common/vault/enums";
+
+import { BrowserComponentState } from "../../models/browserComponentState";
+import { BrowserGroupingsComponentState } from "../../models/browserGroupingsComponentState";
+
+import {
+  VAULT_BROWSER_COMPONENT,
+  VAULT_BROWSER_GROUPINGS_COMPONENT,
+  VaultBrowserStateService,
+} from "./vault-browser-state.service";
+
+describe("Vault Browser State Service", () => {
+  let stateProvider: FakeStateProvider;
+
+  let accountService: FakeAccountService;
+  let stateService: VaultBrowserStateService;
+  const mockUserId = Utils.newGuid() as UserId;
+
+  beforeEach(() => {
+    accountService = mockAccountServiceWith(mockUserId);
+    stateProvider = new FakeStateProvider(accountService);
+
+    stateService = new VaultBrowserStateService(stateProvider);
+  });
+
+  describe("getBrowserGroupingsComponentState", () => {
+    it("should return a BrowserGroupingsComponentState", async () => {
+      await stateService.setBrowserGroupingsComponentState(new BrowserGroupingsComponentState());
+
+      const actual = await stateService.getBrowserGroupingsComponentState();
+
+      expect(actual).toBeInstanceOf(BrowserGroupingsComponentState);
+    });
+
+    it("should deserialize BrowserGroupingsComponentState", () => {
+      const sut = VAULT_BROWSER_GROUPINGS_COMPONENT;
+
+      const expectedState = {
+        deletedCount: 0,
+        collectionCounts: new Map<string, number>(),
+        folderCounts: new Map<string, number>(),
+        typeCounts: new Map<CipherType, number>(),
+      };
+
+      const result = sut.deserializer(
+        JSON.parse(JSON.stringify(expectedState)) as Jsonify<BrowserGroupingsComponentState>,
+      );
+
+      expect(result).toEqual(expectedState);
+    });
+  });
+
+  describe("getBrowserVaultItemsComponentState", () => {
+    it("should deserialize BrowserComponentState", () => {
+      const sut = VAULT_BROWSER_COMPONENT;
+
+      const expectedState = {
+        scrollY: 0,
+        searchText: "test",
+      };
+
+      const result = sut.deserializer(JSON.parse(JSON.stringify(expectedState)));
+
+      expect(result).toEqual(expectedState);
+    });
+
+    it("should return a BrowserComponentState", async () => {
+      const componentState = new BrowserComponentState();
+      componentState.scrollY = 0;
+      componentState.searchText = "test";
+
+      await stateService.setBrowserVaultItemsComponentState(componentState);
+
+      const actual = await stateService.getBrowserVaultItemsComponentState();
+      expect(actual).toStrictEqual(componentState);
+    });
+  });
+});
diff --git a/apps/browser/src/vault/services/vault-browser-state.service.ts b/apps/browser/src/vault/services/vault-browser-state.service.ts
new file mode 100644
index 0000000000..a0d55a9d55
--- /dev/null
+++ b/apps/browser/src/vault/services/vault-browser-state.service.ts
@@ -0,0 +1,65 @@
+import { Observable, firstValueFrom } from "rxjs";
+import { Jsonify } from "type-fest";
+
+import {
+  ActiveUserState,
+  KeyDefinition,
+  StateProvider,
+  VAULT_BROWSER_MEMORY,
+} from "@bitwarden/common/platform/state";
+
+import { BrowserComponentState } from "../../models/browserComponentState";
+import { BrowserGroupingsComponentState } from "../../models/browserGroupingsComponentState";
+
+export const VAULT_BROWSER_GROUPINGS_COMPONENT = new KeyDefinition<BrowserGroupingsComponentState>(
+  VAULT_BROWSER_MEMORY,
+  "vault_browser_groupings_component",
+  {
+    deserializer: (obj: Jsonify<BrowserGroupingsComponentState>) =>
+      BrowserGroupingsComponentState.fromJSON(obj),
+  },
+);
+
+export const VAULT_BROWSER_COMPONENT = new KeyDefinition<BrowserComponentState>(
+  VAULT_BROWSER_MEMORY,
+  "vault_browser_component",
+  {
+    deserializer: (obj: Jsonify<BrowserComponentState>) => BrowserComponentState.fromJSON(obj),
+  },
+);
+
+export class VaultBrowserStateService {
+  vaultBrowserGroupingsComponentState$: Observable<BrowserGroupingsComponentState>;
+  vaultBrowserComponentState$: Observable<BrowserComponentState>;
+
+  private activeUserVaultBrowserGroupingsComponentState: ActiveUserState<BrowserGroupingsComponentState>;
+  private activeUserVaultBrowserComponentState: ActiveUserState<BrowserComponentState>;
+
+  constructor(protected stateProvider: StateProvider) {
+    this.activeUserVaultBrowserGroupingsComponentState = this.stateProvider.getActive(
+      VAULT_BROWSER_GROUPINGS_COMPONENT,
+    );
+    this.activeUserVaultBrowserComponentState =
+      this.stateProvider.getActive(VAULT_BROWSER_COMPONENT);
+
+    this.vaultBrowserGroupingsComponentState$ =
+      this.activeUserVaultBrowserGroupingsComponentState.state$;
+    this.vaultBrowserComponentState$ = this.activeUserVaultBrowserComponentState.state$;
+  }
+
+  async getBrowserGroupingsComponentState(): Promise<BrowserGroupingsComponentState> {
+    return await firstValueFrom(this.vaultBrowserGroupingsComponentState$);
+  }
+
+  async setBrowserGroupingsComponentState(value: BrowserGroupingsComponentState): Promise<void> {
+    await this.activeUserVaultBrowserGroupingsComponentState.update(() => value);
+  }
+
+  async getBrowserVaultItemsComponentState(): Promise<BrowserComponentState> {
+    return await firstValueFrom(this.vaultBrowserComponentState$);
+  }
+
+  async setBrowserVaultItemsComponentState(value: BrowserComponentState): Promise<void> {
+    await this.activeUserVaultBrowserComponentState.update(() => value);
+  }
+}
diff --git a/apps/browser/store/locales/gl/copy.resx b/apps/browser/store/locales/gl/copy.resx
index 191198691d..d812256fb7 100644
--- a/apps/browser/store/locales/gl/copy.resx
+++ b/apps/browser/store/locales/gl/copy.resx
@@ -118,58 +118,58 @@
     <value>System.Resources.ResXResourceWriter, System.Windows.Forms, Version=4.0.0.0, Culture=neutral, PublicKeyToken=b77a5c561934e089</value>
   </resheader>
   <data name="Name" xml:space="preserve">
-    <value>Bitwarden – Free Password Manager</value>
+    <value>Bitwarden – Xestor de contrasinais gratuíto</value>
   </data>
   <data name="Summary" xml:space="preserve">
-    <value>A secure and free password manager for all of your devices</value>
+    <value>Un xestor de contrasinais seguro e gratuíto para todos os teus dispositivos</value>
   </data>
   <data name="Description" xml:space="preserve">
-    <value>Bitwarden, Inc. is the parent company of 8bit Solutions LLC.
+    <value>Bitwarden, Inc. é a empresa matriz de 8bit Solutions LLC.
 
-NAMED BEST PASSWORD MANAGER BY THE VERGE, U.S. NEWS &amp; WORLD REPORT, CNET, AND MORE.
+NOMEADO MELLOR ADMINISTRADOR DE CONTRASINAIS POR THE VERGE, Ou.S. NEWS &amp; WORLD REPORT, CNET E MÁS.
 
-Manage, store, secure, and share unlimited passwords across unlimited devices from anywhere. Bitwarden delivers open source password management solutions to everyone, whether at  home, at work, or on the go.
+Administre, almacene, protexa e comparta contrasinais ilimitados en dispositivos ilimitados desde calquera lugar. Bitwarden ofrece solucións de xestión de contrasinais de código aberto para todos, xa sexa en casa, no traballo ou en mentres estás de viaxe.
 
-Generate strong, unique, and random passwords based on security requirements for every website you frequent.
+Xere contrasinais seguros, únicas e aleatorias en función dos requisitos de seguridade de cada sitio web que frecuenta.
 
-Bitwarden Send quickly transmits encrypted information --- files and plaintext -- directly to anyone.
+Bitwarden Send transmite rapidamente información cifrada --- arquivos e texto sen formato, directamente a calquera persoa.
 
-Bitwarden offers Teams and Enterprise plans for companies so you can securely share passwords with colleagues.
+Bitwarden ofrece plans Teams e Enterprise para empresas para que poida compartir contrasinais de forma segura con colegas.
 
-Why Choose Bitwarden:
+Por que elixir Bitwarden?
 
-World-Class Encryption
-Passwords are protected with advanced end-to-end encryption (AES-256 bit, salted hashing, and PBKDF2 SHA-256) so your data stays secure and private.
+Cifrado de clase mundial
+Os contrasinais están protexidas con cifrado avanzado de extremo a extremo (AES-256 bits, salted hashing e PBKDF2 XA-256) para que os seus datos permanezan seguros e privados.
 
-Built-in Password Generator
-Generate strong, unique, and random passwords based on security requirements for every website you frequent.
+Xerador de contrasinais incorporado
+Xere contrasinais fortes, únicas e aleatorias en función dos requisitos de seguridade de cada sitio web que frecuenta.
 
-Global Translations 
-Bitwarden translations exist in 40 languages and are growing, thanks to our global community.
+Traducións Globais 
+As traducións de Bitwarden existen en 40 idiomas e están a crecer, grazas á nosa comunidade global.
 
-Cross-Platform Applications 
-Secure and share sensitive data within your Bitwarden Vault from any browser, mobile device, or desktop OS, and more.
+Aplicacións multiplataforma 
+Protexa e comparta datos confidenciais dentro da súa Caixa Forte de Bitwarden desde calquera navegador, dispositivo móbil ou sistema operativo de escritorio, e máis.
 </value>
   </data>
   <data name="AssetTitle" xml:space="preserve">
-    <value>A secure and free password manager for all of your devices</value>
+    <value>Un xestor de contrasinais seguro e gratuíto para todos os teus dispositivos</value>
   </data>
   <data name="ScreenshotSync" xml:space="preserve">
-    <value>Sync and access your vault from multiple devices</value>
+    <value>Sincroniza e accede á túa caixa forte desde múltiples dispositivos</value>
   </data>
   <data name="ScreenshotVault" xml:space="preserve">
-    <value>Manage all your logins and passwords from a secure vault</value>
+    <value>Xestiona todos os teus usuarios e contrasinais desde unha caixa forte segura</value>
   </data>
   <data name="ScreenshotAutofill" xml:space="preserve">
-    <value>Quickly auto-fill your login credentials into any website that you visit</value>
+    <value>Autocompleta rapidamente os teus datos de acceso en calquera páxina web que visites</value>
   </data>
   <data name="ScreenshotMenu" xml:space="preserve">
-    <value>Your vault is also conveniently accessible from the right-click menu</value>
+    <value>A túa caixa forte tamén é facilmente accesible desde o menú de clic dereito</value>
   </data>
   <data name="ScreenshotPassword" xml:space="preserve">
-    <value>Automatically generate strong, random, and secure passwords</value>
+    <value>Xera automaticamente contrasinais fortes, aleatorias e seguras</value>
   </data>
   <data name="ScreenshotEdit" xml:space="preserve">
-    <value>Your information is managed securely using AES-256 bit encryption</value>
+    <value>A túa información é xestionada de forma segura con cifrado AES de 256 bits</value>
   </data>
 </root>
diff --git a/apps/browser/tsconfig.json b/apps/browser/tsconfig.json
index a4176be0b0..694246f59a 100644
--- a/apps/browser/tsconfig.json
+++ b/apps/browser/tsconfig.json
@@ -20,6 +20,7 @@
       "@bitwarden/vault-export-core": [
         "../../libs/tools/export/vault-export/vault-export-core/src"
       ],
+      "@bitwarden/vault-export-ui": ["../../libs/tools/export/vault-export/vault-export-ui/src"],
       "@bitwarden/importer/core": ["../../libs/importer/src"],
       "@bitwarden/importer/ui": ["../../libs/importer/src/components"],
       "@bitwarden/platform": ["../../libs/platform/src"],
diff --git a/apps/cli/package.json b/apps/cli/package.json
index 2873be4242..690842d831 100644
--- a/apps/cli/package.json
+++ b/apps/cli/package.json
@@ -1,7 +1,7 @@
 {
   "name": "@bitwarden/cli",
   "description": "A secure and free password manager for all of your devices.",
-  "version": "2024.3.0",
+  "version": "2024.3.1",
   "keywords": [
     "bitwarden",
     "password",
@@ -71,7 +71,7 @@
     "papaparse": "5.4.1",
     "proper-lockfile": "4.1.2",
     "rxjs": "7.8.1",
-    "tldts": "6.1.13",
+    "tldts": "6.1.16",
     "zxcvbn": "4.4.2"
   }
 }
diff --git a/apps/cli/src/auth/commands/login.command.ts b/apps/cli/src/auth/commands/login.command.ts
index 97c0974ac6..a91e876e92 100644
--- a/apps/cli/src/auth/commands/login.command.ts
+++ b/apps/cli/src/auth/commands/login.command.ts
@@ -690,6 +690,8 @@ export class LoginCommand {
     codeChallenge: string,
     state: string,
   ): Promise<{ ssoCode: string; orgIdentifier: string }> {
+    const env = await firstValueFrom(this.environmentService.environment$);
+
     return new Promise((resolve, reject) => {
       const callbackServer = http.createServer((req, res) => {
         const urlString = "http://localhost" + req.url;
@@ -724,7 +726,7 @@ export class LoginCommand {
         }
       });
       let foundPort = false;
-      const webUrl = this.environmentService.getWebVaultUrl();
+      const webUrl = env.getWebVaultUrl();
       for (let port = 8065; port <= 8070; port++) {
         try {
           this.ssoRedirectUri = "http://localhost:" + port;
diff --git a/apps/cli/src/bw.ts b/apps/cli/src/bw.ts
index d383545d38..ad215f7b54 100644
--- a/apps/cli/src/bw.ts
+++ b/apps/cli/src/bw.ts
@@ -5,11 +5,13 @@ import { program } from "commander";
 import * as jsdom from "jsdom";
 
 import {
+  InternalUserDecryptionOptionsServiceAbstraction,
   AuthRequestService,
   LoginStrategyService,
   LoginStrategyServiceAbstraction,
   PinCryptoService,
   PinCryptoServiceAbstraction,
+  UserDecryptionOptionsService,
 } from "@bitwarden/auth/common";
 import { EventCollectionService as EventCollectionServiceAbstraction } from "@bitwarden/common/abstractions/event/event-collection.service";
 import { EventUploadService as EventUploadServiceAbstraction } from "@bitwarden/common/abstractions/event/event-upload.service";
@@ -45,6 +47,8 @@ import { BillingAccountProfileStateService } from "@bitwarden/common/billing/abs
 import { DefaultBillingAccountProfileStateService } from "@bitwarden/common/billing/services/account/billing-account-profile-state.service";
 import { ClientType } from "@bitwarden/common/enums";
 import { ConfigApiServiceAbstraction } from "@bitwarden/common/platform/abstractions/config/config-api.service.abstraction";
+import { ConfigService } from "@bitwarden/common/platform/abstractions/config/config.service";
+import { EnvironmentService } from "@bitwarden/common/platform/abstractions/environment.service";
 import { KeyGenerationService as KeyGenerationServiceAbstraction } from "@bitwarden/common/platform/abstractions/key-generation.service";
 import {
   BiometricStateService,
@@ -57,10 +61,11 @@ import { GlobalState } from "@bitwarden/common/platform/models/domain/global-sta
 import { AppIdService } from "@bitwarden/common/platform/services/app-id.service";
 import { BroadcasterService } from "@bitwarden/common/platform/services/broadcaster.service";
 import { ConfigApiService } from "@bitwarden/common/platform/services/config/config-api.service";
+import { DefaultConfigService } from "@bitwarden/common/platform/services/config/default-config.service";
 import { ContainerService } from "@bitwarden/common/platform/services/container.service";
 import { CryptoService } from "@bitwarden/common/platform/services/crypto.service";
 import { EncryptServiceImplementation } from "@bitwarden/common/platform/services/cryptography/encrypt.service.implementation";
-import { EnvironmentService } from "@bitwarden/common/platform/services/environment.service";
+import { DefaultEnvironmentService } from "@bitwarden/common/platform/services/default-environment.service";
 import { FileUploadService } from "@bitwarden/common/platform/services/file-upload/file-upload.service";
 import { KeyGenerationService } from "@bitwarden/common/platform/services/key-generation.service";
 import { MemoryStorageService } from "@bitwarden/common/platform/services/memory-storage.service";
@@ -128,7 +133,6 @@ import {
   VaultExportServiceAbstraction,
 } from "@bitwarden/vault-export-core";
 
-import { CliConfigService } from "./platform/services/cli-config.service";
 import { CliPlatformUtilsService } from "./platform/services/cli-platform-utils.service";
 import { ConsoleLogService } from "./platform/services/console-log.service";
 import { I18nService } from "./platform/services/i18n.service";
@@ -169,6 +173,7 @@ export class Main {
   eventUploadService: EventUploadServiceAbstraction;
   passwordGenerationService: PasswordGenerationServiceAbstraction;
   passwordStrengthService: PasswordStrengthServiceAbstraction;
+  userDecryptionOptionsService: InternalUserDecryptionOptionsServiceAbstraction;
   totpService: TotpService;
   containerService: ContainerService;
   auditService: AuditService;
@@ -210,7 +215,7 @@ export class Main {
   deviceTrustCryptoService: DeviceTrustCryptoServiceAbstraction;
   authRequestService: AuthRequestService;
   configApiService: ConfigApiServiceAbstraction;
-  configService: CliConfigService;
+  configService: ConfigService;
   accountService: AccountService;
   globalStateProvider: GlobalStateProvider;
   singleUserStateProvider: SingleUserStateProvider;
@@ -309,13 +314,21 @@ export class Main {
       this.derivedStateProvider,
     );
 
-    this.environmentService = new EnvironmentService(this.stateProvider, this.accountService);
+    this.environmentService = new DefaultEnvironmentService(
+      this.stateProvider,
+      this.accountService,
+    );
+
+    this.keyGenerationService = new KeyGenerationService(this.cryptoFunctionService);
 
     this.tokenService = new TokenService(
       this.singleUserStateProvider,
       this.globalStateProvider,
       this.platformUtilsService.supportsSecureStorage(),
       this.secureStorageService,
+      this.keyGenerationService,
+      this.encryptService,
+      this.logService,
     );
 
     const migrationRunner = new MigrationRunner(
@@ -336,8 +349,6 @@ export class Main {
       migrationRunner,
     );
 
-    this.keyGenerationService = new KeyGenerationService(this.cryptoFunctionService);
-
     this.cryptoService = new CryptoService(
       this.keyGenerationService,
       this.cryptoFunctionService,
@@ -416,7 +427,6 @@ export class Main {
     this.policyApiService = new PolicyApiService(this.policyService, this.apiService);
 
     this.keyConnectorService = new KeyConnectorService(
-      this.stateService,
       this.cryptoService,
       this.apiService,
       this.tokenService,
@@ -424,6 +434,7 @@ export class Main {
       this.organizationService,
       this.keyGenerationService,
       async (expired: boolean) => await this.logout(),
+      this.stateProvider,
     );
 
     this.twoFactorService = new TwoFactorService(this.i18nService, this.platformUtilsService);
@@ -436,17 +447,21 @@ export class Main {
       this.stateService,
     );
 
+    this.userDecryptionOptionsService = new UserDecryptionOptionsService(this.stateProvider);
+
     this.devicesApiService = new DevicesApiServiceImplementation(this.apiService);
     this.deviceTrustCryptoService = new DeviceTrustCryptoService(
       this.keyGenerationService,
       this.cryptoFunctionService,
       this.cryptoService,
       this.encryptService,
-      this.stateService,
       this.appIdService,
       this.devicesApiService,
       this.i18nService,
       this.platformUtilsService,
+      this.stateProvider,
+      this.secureStorageService,
+      this.userDecryptionOptionsService,
     );
 
     this.authRequestService = new AuthRequestService(
@@ -457,7 +472,7 @@ export class Main {
     );
 
     this.billingAccountProfileStateService = new DefaultBillingAccountProfileStateService(
-      this.activeUserStateProvider,
+      this.stateProvider,
     );
 
     this.loginStrategyService = new LoginStrategyService(
@@ -478,26 +493,27 @@ export class Main {
       this.policyService,
       this.deviceTrustCryptoService,
       this.authRequestService,
+      this.userDecryptionOptionsService,
       this.globalStateProvider,
       this.billingAccountProfileStateService,
     );
 
     this.authService = new AuthService(
+      this.accountService,
       this.messagingService,
       this.cryptoService,
       this.apiService,
       this.stateService,
+      this.tokenService,
     );
 
-    this.configApiService = new ConfigApiService(this.apiService, this.authService);
+    this.configApiService = new ConfigApiService(this.apiService, this.tokenService);
 
-    this.configService = new CliConfigService(
-      this.stateService,
+    this.configService = new DefaultConfigService(
       this.configApiService,
-      this.authService,
       this.environmentService,
       this.logService,
-      true,
+      this.stateProvider,
     );
 
     this.cipherService = new CipherService(
@@ -529,6 +545,7 @@ export class Main {
     this.biometricStateService = new DefaultBiometricStateService(this.stateProvider);
 
     this.vaultTimeoutSettingsService = new VaultTimeoutSettingsService(
+      this.userDecryptionOptionsService,
       this.cryptoService,
       this.tokenService,
       this.policyService,
@@ -548,6 +565,7 @@ export class Main {
       this.cryptoService,
       this.i18nService,
       this.userVerificationApiService,
+      this.userDecryptionOptionsService,
       this.pinCryptoService,
       this.logService,
       this.vaultTimeoutSettingsService,
@@ -589,6 +607,7 @@ export class Main {
       this.folderApiService,
       this.organizationService,
       this.sendApiService,
+      this.userDecryptionOptionsService,
       this.avatarService,
       async (expired: boolean) => await this.logout(),
       this.billingAccountProfileStateService,
@@ -693,16 +712,8 @@ export class Main {
     await this.storageService.init();
     await this.stateService.init();
     this.containerService.attachToGlobal(global);
-    await this.environmentService.setUrlsFromStorage();
     await this.i18nService.init();
     this.twoFactorService.init();
-    this.configService.init();
-
-    const installedVersion = await this.stateService.getInstalledVersion();
-    const currentVersion = await this.platformUtilsService.getApplicationVersion();
-    if (installedVersion == null || installedVersion !== currentVersion) {
-      await this.stateService.setInstalledVersion(currentVersion);
-    }
   }
 }
 
diff --git a/apps/cli/src/commands/config.command.ts b/apps/cli/src/commands/config.command.ts
index 209f75a836..eb6559443d 100644
--- a/apps/cli/src/commands/config.command.ts
+++ b/apps/cli/src/commands/config.command.ts
@@ -1,6 +1,10 @@
 import { OptionValues } from "commander";
+import { firstValueFrom } from "rxjs";
 
-import { EnvironmentService } from "@bitwarden/common/platform/abstractions/environment.service";
+import {
+  EnvironmentService,
+  Region,
+} from "@bitwarden/common/platform/abstractions/environment.service";
 
 import { Response } from "../models/response";
 import { MessageResponse } from "../models/response/message.response";
@@ -29,16 +33,15 @@ export class ConfigCommand {
       !options.notifications &&
       !options.events
     ) {
+      const env = await firstValueFrom(this.environmentService.environment$);
       const stringRes = new StringResponse(
-        this.environmentService.hasBaseUrl()
-          ? this.environmentService.getUrls().base
-          : "https://bitwarden.com",
+        env.hasBaseUrl() ? env.getUrls().base : "https://bitwarden.com",
       );
       return Response.success(stringRes);
     }
 
     url = url === "null" || url === "bitwarden.com" || url === "https://bitwarden.com" ? null : url;
-    await this.environmentService.setUrls({
+    await this.environmentService.setEnvironment(Region.SelfHosted, {
       base: url,
       webVault: options.webVault || null,
       api: options.api || null,
diff --git a/apps/cli/src/commands/convert-to-key-connector.command.ts b/apps/cli/src/commands/convert-to-key-connector.command.ts
index de9565dfb6..654606dc06 100644
--- a/apps/cli/src/commands/convert-to-key-connector.command.ts
+++ b/apps/cli/src/commands/convert-to-key-connector.command.ts
@@ -1,8 +1,12 @@
 import * as inquirer from "inquirer";
+import { firstValueFrom } from "rxjs";
 
 import { OrganizationApiServiceAbstraction } from "@bitwarden/common/admin-console/abstractions/organization/organization-api.service.abstraction";
 import { KeyConnectorService } from "@bitwarden/common/auth/abstractions/key-connector.service";
-import { EnvironmentService } from "@bitwarden/common/platform/abstractions/environment.service";
+import {
+  EnvironmentService,
+  Region,
+} from "@bitwarden/common/platform/abstractions/environment.service";
 import { SyncService } from "@bitwarden/common/vault/abstractions/sync/sync.service.abstraction";
 
 import { Response } from "../models/response";
@@ -67,9 +71,10 @@ export class ConvertToKeyConnectorCommand {
       await this.keyConnectorService.setUsesKeyConnector(true);
 
       // Update environment URL - required for api key login
-      const urls = this.environmentService.getUrls();
+      const env = await firstValueFrom(this.environmentService.environment$);
+      const urls = env.getUrls();
       urls.keyConnector = organization.keyConnectorUrl;
-      await this.environmentService.setUrls(urls);
+      await this.environmentService.setEnvironment(Region.SelfHosted, urls);
 
       return Response.success();
     } else if (answer.convert === "leave") {
diff --git a/apps/cli/src/commands/status.command.ts b/apps/cli/src/commands/status.command.ts
index d7bc17b643..32b93a7e40 100644
--- a/apps/cli/src/commands/status.command.ts
+++ b/apps/cli/src/commands/status.command.ts
@@ -1,3 +1,5 @@
+import { firstValueFrom } from "rxjs";
+
 import { AuthService } from "@bitwarden/common/auth/abstractions/auth.service";
 import { AuthenticationStatus } from "@bitwarden/common/auth/enums/authentication-status";
 import { EnvironmentService } from "@bitwarden/common/platform/abstractions/environment.service";
@@ -17,7 +19,7 @@ export class StatusCommand {
 
   async run(): Promise<Response> {
     try {
-      const baseUrl = this.baseUrl();
+      const baseUrl = await this.baseUrl();
       const status = await this.status();
       const lastSync = await this.syncService.getLastSync();
       const userId = await this.stateService.getUserId();
@@ -37,8 +39,9 @@ export class StatusCommand {
     }
   }
 
-  private baseUrl(): string {
-    return this.envService.getUrls().base;
+  private async baseUrl(): Promise<string> {
+    const env = await firstValueFrom(this.envService.environment$);
+    return env.getUrls().base;
   }
 
   private async status(): Promise<"unauthenticated" | "locked" | "unlocked"> {
diff --git a/apps/cli/src/platform/services/cli-config.service.ts b/apps/cli/src/platform/services/cli-config.service.ts
deleted file mode 100644
index 6faa1b12e8..0000000000
--- a/apps/cli/src/platform/services/cli-config.service.ts
+++ /dev/null
@@ -1,9 +0,0 @@
-import { NEVER } from "rxjs";
-
-import { ConfigService } from "@bitwarden/common/platform/services/config/config.service";
-
-export class CliConfigService extends ConfigService {
-  // The rxjs timer uses setTimeout/setInterval under the hood, which prevents the node process from exiting
-  // when the command is finished. Cli should never be alive long enough to use the timer, so we disable it.
-  protected refreshTimer$ = NEVER;
-}
diff --git a/apps/cli/src/tools/send/commands/create.command.ts b/apps/cli/src/tools/send/commands/create.command.ts
index 1f6f8059e1..a3f4b5c086 100644
--- a/apps/cli/src/tools/send/commands/create.command.ts
+++ b/apps/cli/src/tools/send/commands/create.command.ts
@@ -127,7 +127,8 @@ export class SendCreateCommand {
       await this.sendApiService.save([encSend, fileData]);
       const newSend = await this.sendService.getFromState(encSend.id);
       const decSend = await newSend.decrypt();
-      const res = new SendResponse(decSend, this.environmentService.getWebVaultUrl());
+      const env = await firstValueFrom(this.environmentService.environment$);
+      const res = new SendResponse(decSend, env.getWebVaultUrl());
       return Response.success(res);
     } catch (e) {
       return Response.error(e);
diff --git a/apps/cli/src/tools/send/commands/get.command.ts b/apps/cli/src/tools/send/commands/get.command.ts
index 9e80c350b7..2ffe242317 100644
--- a/apps/cli/src/tools/send/commands/get.command.ts
+++ b/apps/cli/src/tools/send/commands/get.command.ts
@@ -1,4 +1,5 @@
 import { OptionValues } from "commander";
+import { firstValueFrom } from "rxjs";
 
 import { SearchService } from "@bitwarden/common/abstractions/search.service";
 import { CryptoService } from "@bitwarden/common/platform/abstractions/crypto.service";
@@ -32,7 +33,8 @@ export class SendGetCommand extends DownloadCommand {
       return Response.notFound();
     }
 
-    const webVaultUrl = this.environmentService.getWebVaultUrl();
+    const env = await firstValueFrom(this.environmentService.environment$);
+    const webVaultUrl = env.getWebVaultUrl();
     let filter = (s: SendView) => true;
     let selector = async (s: SendView): Promise<Response> =>
       Response.success(new SendResponse(s, webVaultUrl));
diff --git a/apps/cli/src/tools/send/commands/list.command.ts b/apps/cli/src/tools/send/commands/list.command.ts
index e169a26ea1..ab8a4dcb1c 100644
--- a/apps/cli/src/tools/send/commands/list.command.ts
+++ b/apps/cli/src/tools/send/commands/list.command.ts
@@ -1,3 +1,5 @@
+import { firstValueFrom } from "rxjs";
+
 import { SearchService } from "@bitwarden/common/abstractions/search.service";
 import { EnvironmentService } from "@bitwarden/common/platform/abstractions/environment.service";
 import { SendService } from "@bitwarden/common/tools/send/services/send.service.abstraction";
@@ -21,7 +23,8 @@ export class SendListCommand {
       sends = this.searchService.searchSends(sends, normalizedOptions.search);
     }
 
-    const webVaultUrl = this.environmentService.getWebVaultUrl();
+    const env = await firstValueFrom(this.environmentService.environment$);
+    const webVaultUrl = env.getWebVaultUrl();
     const res = new ListResponse(sends.map((s) => new SendResponse(s, webVaultUrl)));
     return Response.success(res);
   }
diff --git a/apps/cli/src/tools/send/commands/receive.command.ts b/apps/cli/src/tools/send/commands/receive.command.ts
index 8dfbf01fa9..dc662f0272 100644
--- a/apps/cli/src/tools/send/commands/receive.command.ts
+++ b/apps/cli/src/tools/send/commands/receive.command.ts
@@ -1,5 +1,6 @@
 import { OptionValues } from "commander";
 import * as inquirer from "inquirer";
+import { firstValueFrom } from "rxjs";
 
 import { ApiService } from "@bitwarden/common/abstractions/api.service";
 import { ErrorResponse } from "@bitwarden/common/models/response/error.response";
@@ -46,7 +47,7 @@ export class SendReceiveCommand extends DownloadCommand {
       return Response.badRequest("Failed to parse the provided Send url");
     }
 
-    const apiUrl = this.getApiUrl(urlObject);
+    const apiUrl = await this.getApiUrl(urlObject);
     const [id, key] = this.getIdAndKey(urlObject);
 
     if (Utils.isNullOrWhitespace(id) || Utils.isNullOrWhitespace(key)) {
@@ -108,8 +109,9 @@ export class SendReceiveCommand extends DownloadCommand {
     return [result[0], result[1]];
   }
 
-  private getApiUrl(url: URL) {
-    const urls = this.environmentService.getUrls();
+  private async getApiUrl(url: URL) {
+    const env = await firstValueFrom(this.environmentService.environment$);
+    const urls = env.getUrls();
     if (url.origin === "https://send.bitwarden.com") {
       return "https://api.bitwarden.com";
     } else if (url.origin === urls.api) {
diff --git a/apps/cli/src/tools/send/commands/remove-password.command.ts b/apps/cli/src/tools/send/commands/remove-password.command.ts
index a25ca4c07e..1c7289bf08 100644
--- a/apps/cli/src/tools/send/commands/remove-password.command.ts
+++ b/apps/cli/src/tools/send/commands/remove-password.command.ts
@@ -1,3 +1,5 @@
+import { firstValueFrom } from "rxjs";
+
 import { EnvironmentService } from "@bitwarden/common/platform/abstractions/environment.service";
 import { SendService } from "@bitwarden/common/tools/send/services//send.service.abstraction";
 import { SendApiService } from "@bitwarden/common/tools/send/services/send-api.service.abstraction";
@@ -18,7 +20,8 @@ export class SendRemovePasswordCommand {
 
       const updatedSend = await this.sendService.get(id);
       const decSend = await updatedSend.decrypt();
-      const webVaultUrl = this.environmentService.getWebVaultUrl();
+      const env = await firstValueFrom(this.environmentService.environment$);
+      const webVaultUrl = env.getWebVaultUrl();
       const res = new SendResponse(decSend, webVaultUrl);
       return Response.success(res);
     } catch (e) {
diff --git a/apps/desktop/desktop_native/Cargo.lock b/apps/desktop/desktop_native/Cargo.lock
index 138394886d..446bce87a0 100644
--- a/apps/desktop/desktop_native/Cargo.lock
+++ b/apps/desktop/desktop_native/Cargo.lock
@@ -45,9 +45,9 @@ checksum = "5ad32ce52e4161730f7098c077cd2ed6229b5804ccf99e5366be1ab72a98b4e1"
 
 [[package]]
 name = "arboard"
-version = "3.3.0"
+version = "3.3.2"
 source = "registry+https://github.com/rust-lang/crates.io-index"
-checksum = "aafb29b107435aa276664c1db8954ac27a6e105cdad3c88287a199eb0e313c08"
+checksum = "a2041f1943049c7978768d84e6d0fd95de98b76d6c4727b09e78ec253d29fa58"
 dependencies = [
  "clipboard-win",
  "log",
@@ -56,7 +56,6 @@ dependencies = [
  "objc_id",
  "parking_lot",
  "thiserror",
- "winapi",
  "wl-clipboard-rs",
  "x11rb",
 ]
@@ -84,9 +83,9 @@ dependencies = [
 
 [[package]]
 name = "base64"
-version = "0.21.5"
+version = "0.22.0"
 source = "registry+https://github.com/rust-lang/crates.io-index"
-checksum = "35636a1494ede3b646cc98f74f8e62c773a38a659ebc777a2cf26b9b74171df9"
+checksum = "9475866fec1451be56a3c2400fd081ff546538961565ccb5b7142cbd22bc7a51"
 
 [[package]]
 name = "bitflags"
@@ -176,13 +175,11 @@ dependencies = [
 
 [[package]]
 name = "clipboard-win"
-version = "4.5.0"
+version = "5.3.0"
 source = "registry+https://github.com/rust-lang/crates.io-index"
-checksum = "7191c27c2357d9b7ef96baac1773290d4ca63b24205b82a3fd8a0637afcf0362"
+checksum = "d517d4b86184dbb111d3556a10f1c8a04da7428d2987bf1081602bf11c3aa9ee"
 dependencies = [
  "error-code",
- "str-buf",
- "winapi",
 ]
 
 [[package]]
@@ -375,13 +372,9 @@ dependencies = [
 
 [[package]]
 name = "error-code"
-version = "2.3.1"
+version = "3.2.0"
 source = "registry+https://github.com/rust-lang/crates.io-index"
-checksum = "64f18991e7bf11e7ffee451b5318b5c1a73c52d0d0ada6e5a3017c8c1ced6a21"
-dependencies = [
- "libc",
- "str-buf",
-]
+checksum = "a0474425d51df81997e2f90a21591180b38eccf27292d755f3e30750225c175b"
 
 [[package]]
 name = "fastrand"
@@ -476,12 +469,12 @@ dependencies = [
 
 [[package]]
 name = "gethostname"
-version = "0.3.0"
+version = "0.4.3"
 source = "registry+https://github.com/rust-lang/crates.io-index"
-checksum = "bb65d4ba3173c56a500b555b532f72c42e8d1fe64962b518897f8959fae2c177"
+checksum = "0176e0459c2e4a1fe232f984bca6890e681076abb9934f6cea7c326f3fc47818"
 dependencies = [
  "libc",
- "winapi",
+ "windows-targets 0.48.5",
 ]
 
 [[package]]
@@ -529,7 +522,7 @@ dependencies = [
  "gobject-sys",
  "libc",
  "system-deps",
- "windows-sys 0.52.0",
+ "windows-sys",
 ]
 
 [[package]]
@@ -661,12 +654,12 @@ checksum = "13e3bf6590cbc649f4d1a3eefc9d5d6eb746f5200ffb04e5e142700b8faa56e7"
 
 [[package]]
 name = "libloading"
-version = "0.7.4"
+version = "0.8.3"
 source = "registry+https://github.com/rust-lang/crates.io-index"
-checksum = "b67380fd3b2fbe7527a606e18729d21c6f3951633d0500574c4dc22d2d638b9f"
+checksum = "0c2a198fb6b0eada2a8df47933734e6d35d350665a33a3593d7164fa52c75c19"
 dependencies = [
  "cfg-if",
- "winapi",
+ "windows-targets 0.52.4",
 ]
 
 [[package]]
@@ -767,9 +760,9 @@ dependencies = [
 
 [[package]]
 name = "napi"
-version = "2.13.3"
+version = "2.16.0"
 source = "registry+https://github.com/rust-lang/crates.io-index"
-checksum = "fd063c93b900149304e3ba96ce5bf210cd4f81ef5eb80ded0d100df3e85a3ac0"
+checksum = "54a63d0570e4c3e0daf7a8d380563610e159f538e20448d6c911337246f40e84"
 dependencies = [
  "bitflags 2.4.1",
  "ctor",
@@ -781,29 +774,29 @@ dependencies = [
 
 [[package]]
 name = "napi-build"
-version = "2.0.1"
+version = "2.1.2"
 source = "registry+https://github.com/rust-lang/crates.io-index"
-checksum = "882a73d9ef23e8dc2ebbffb6a6ae2ef467c0f18ac10711e4cc59c5485d41df0e"
+checksum = "2f9130fccc5f763cf2069b34a089a18f0d0883c66aceb81f2fad541a3d823c43"
 
 [[package]]
 name = "napi-derive"
-version = "2.13.0"
+version = "2.16.0"
 source = "registry+https://github.com/rust-lang/crates.io-index"
-checksum = "da1c6a8fa84d549aa8708fcd062372bf8ec6e849de39016ab921067d21bde367"
+checksum = "05bb7c37e3c1dda9312fdbe4a9fc7507fca72288ba154ec093e2d49114e727ce"
 dependencies = [
  "cfg-if",
  "convert_case",
  "napi-derive-backend",
  "proc-macro2",
  "quote",
- "syn 1.0.109",
+ "syn 2.0.38",
 ]
 
 [[package]]
 name = "napi-derive-backend"
-version = "1.0.52"
+version = "1.0.62"
 source = "registry+https://github.com/rust-lang/crates.io-index"
-checksum = "20bbc7c69168d06a848f925ec5f0e0997f98e8c8d4f2cc30157f0da51c009e17"
+checksum = "f785a8b8d7b83e925f5aa6d2ae3c159d17fe137ac368dc185bef410e7acdaeb4"
 dependencies = [
  "convert_case",
  "once_cell",
@@ -811,14 +804,14 @@ dependencies = [
  "quote",
  "regex",
  "semver",
- "syn 1.0.109",
+ "syn 2.0.38",
 ]
 
 [[package]]
 name = "napi-sys"
-version = "2.2.3"
+version = "2.3.0"
 source = "registry+https://github.com/rust-lang/crates.io-index"
-checksum = "166b5ef52a3ab5575047a9fe8d4a030cdd0f63c96f071cd6907674453b07bae3"
+checksum = "2503fa6af34dc83fb74888df8b22afe933b58d37daf7d80424b1c60c68196b8b"
 dependencies = [
  "libloading",
 ]
@@ -896,9 +889,9 @@ dependencies = [
 
 [[package]]
 name = "once_cell"
-version = "1.18.0"
+version = "1.19.0"
 source = "registry+https://github.com/rust-lang/crates.io-index"
-checksum = "dd8b5dd2ae5ed71462c540258bedcb51965123ad7e7ccf4b9a8cafaa4a63576d"
+checksum = "3fdb12b2476b595f9358c5161aa467c2438859caa136dec86c26fdd2efe17b92"
 
 [[package]]
 name = "os_pipe"
@@ -1201,12 +1194,6 @@ version = "1.13.1"
 source = "registry+https://github.com/rust-lang/crates.io-index"
 checksum = "e6ecd384b10a64542d77071bd64bd7b231f4ed5940fba55e98c3de13824cf3d7"
 
-[[package]]
-name = "str-buf"
-version = "1.0.6"
-source = "registry+https://github.com/rust-lang/crates.io-index"
-checksum = "9e08d8363704e6c71fc928674353e6b7c23dcea9d82d7012c8faf2a3a025f8d0"
-
 [[package]]
 name = "syn"
 version = "1.0.109"
@@ -1506,15 +1493,6 @@ dependencies = [
  "winapi",
 ]
 
-[[package]]
-name = "winapi-wsapoll"
-version = "0.1.1"
-source = "registry+https://github.com/rust-lang/crates.io-index"
-checksum = "44c17110f57155602a80dca10be03852116403c9ff3cd25b079d666f2aa3df6e"
-dependencies = [
- "winapi",
-]
-
 [[package]]
 name = "winapi-x86_64-pc-windows-gnu"
 version = "0.4.0"
@@ -1704,22 +1682,17 @@ dependencies = [
 
 [[package]]
 name = "x11rb"
-version = "0.12.0"
+version = "0.13.0"
 source = "registry+https://github.com/rust-lang/crates.io-index"
-checksum = "b1641b26d4dec61337c35a1b1aaf9e3cba8f46f0b43636c609ab0291a648040a"
+checksum = "f8f25ead8c7e4cba123243a6367da5d3990e0d3affa708ea19dce96356bd9f1a"
 dependencies = [
  "gethostname",
- "nix",
- "winapi",
- "winapi-wsapoll",
+ "rustix",
  "x11rb-protocol",
 ]
 
 [[package]]
 name = "x11rb-protocol"
-version = "0.12.0"
+version = "0.13.0"
 source = "registry+https://github.com/rust-lang/crates.io-index"
-checksum = "82d6c3f9a0fb6701fab8f6cea9b0c0bd5d6876f1f89f7fada07e558077c344bc"
-dependencies = [
- "nix",
-]
+checksum = "e63e71c4b8bd9ffec2c963173a4dc4cbde9ee96961d4fcb4429db9929b606c34"
diff --git a/apps/desktop/desktop_native/Cargo.toml b/apps/desktop/desktop_native/Cargo.toml
index 2542e4d214..a1625020e5 100644
--- a/apps/desktop/desktop_native/Cargo.toml
+++ b/apps/desktop/desktop_native/Cargo.toml
@@ -15,11 +15,11 @@ manual_test = []
 [dependencies]
 aes = "=0.8.4"
 anyhow = "=1.0.80"
-arboard = { version = "=3.3.0", default-features = false, features = ["wayland-data-control"] }
-base64 = "=0.21.5"
+arboard = { version = "=3.3.2", default-features = false, features = ["wayland-data-control"] }
+base64 = "=0.22.0"
 cbc = { version = "=0.1.2", features = ["alloc"] }
-napi = { version = "=2.13.3", features = ["async"] }
-napi-derive = "=2.13.0"
+napi = { version = "=2.16.0", features = ["async"] }
+napi-derive = "=2.16.0"
 rand = "=0.8.5"
 retry = "=2.0.0"
 scopeguard = "=1.2.0"
@@ -28,7 +28,7 @@ thiserror = "=1.0.51"
 typenum = "=1.17.0"
 
 [build-dependencies]
-napi-build = "=2.0.1"
+napi-build = "=2.1.2"
 
 [target.'cfg(windows)'.dependencies]
 widestring = "=1.0.2"
diff --git a/apps/desktop/electron-builder.json b/apps/desktop/electron-builder.json
index afc51ef9fe..5ce5ef948f 100644
--- a/apps/desktop/electron-builder.json
+++ b/apps/desktop/electron-builder.json
@@ -24,7 +24,7 @@
     "**/node_modules/argon2/package.json",
     "**/node_modules/argon2/lib/binding/napi-v3/argon2.node"
   ],
-  "electronVersion": "28.2.7",
+  "electronVersion": "28.2.8",
   "generateUpdatesFilesForAllChannels": true,
   "publish": {
     "provider": "generic",
@@ -150,7 +150,69 @@
     "identityName": "8bitSolutionsLLC.bitwardendesktop",
     "publisher": "CN=14D52771-DE3C-4886-B8BF-825BA7690418",
     "publisherDisplayName": "8bit Solutions LLC",
-    "languages": ["en-US"]
+    "languages": [
+      "en-US",
+      "af",
+      "ar",
+      "az-latn",
+      "be",
+      "bg",
+      "bn",
+      "bs",
+      "ca",
+      "cs",
+      "cy",
+      "da",
+      "de",
+      "el",
+      "en-gb",
+      "en-in",
+      "es",
+      "et",
+      "eu",
+      "fa",
+      "fi",
+      "fil",
+      "fr",
+      "gl",
+      "he",
+      "hi",
+      "hr",
+      "hu",
+      "id",
+      "it",
+      "ja",
+      "ka",
+      "km",
+      "kn",
+      "ko",
+      "lt",
+      "lv",
+      "ml",
+      "mr",
+      "nb",
+      "ne",
+      "nl",
+      "nn",
+      "or",
+      "pl",
+      "pt-br",
+      "pt-pt",
+      "ro",
+      "ru",
+      "si",
+      "sk",
+      "sl",
+      "sr",
+      "sv",
+      "te",
+      "th",
+      "tr",
+      "uk",
+      "vi",
+      "zh-cn",
+      "zh-tw"
+    ]
   },
   "deb": {
     "artifactName": "${productName}-${version}-${arch}.${ext}",
diff --git a/apps/desktop/package.json b/apps/desktop/package.json
index 6b01918d6b..52dd0fafdb 100644
--- a/apps/desktop/package.json
+++ b/apps/desktop/package.json
@@ -1,7 +1,7 @@
 {
   "name": "@bitwarden/desktop",
   "description": "A secure and free password manager for all of your devices.",
-  "version": "2024.3.1",
+  "version": "2024.3.2",
   "keywords": [
     "bitwarden",
     "password",
diff --git a/apps/desktop/src/app/accounts/settings.component.html b/apps/desktop/src/app/accounts/settings.component.html
index 7a61a55ccf..ae0409cdbc 100644
--- a/apps/desktop/src/app/accounts/settings.component.html
+++ b/apps/desktop/src/app/accounts/settings.component.html
@@ -30,7 +30,7 @@
               </button>
             </h2>
             <ng-container *ngIf="showSecurity">
-              <app-callout type="info" *ngIf="vaultTimeoutPolicyCallout | async as policy">
+              <bit-callout type="info" *ngIf="vaultTimeoutPolicyCallout | async as policy">
                 <span *ngIf="policy.timeout && policy.action">
                   {{
                     "vaultTimeoutPolicyWithActionInEffect"
@@ -46,7 +46,7 @@
                 <span *ngIf="!policy.timeout && policy.action">
                   {{ "vaultTimeoutActionPolicyInEffect" | i18n: (policy.action | i18n) }}
                 </span>
-              </app-callout>
+              </bit-callout>
               <app-vault-timeout-input
                 [vaultTimeoutOptions]="vaultTimeoutOptions"
                 [formControl]="form.controls.vaultTimeout"
@@ -412,6 +412,23 @@
                   "enableBrowserIntegrationFingerprintDesc" | i18n
                 }}</small>
               </div>
+              <div class="form-group">
+                <div class="checkbox">
+                  <label for="enableHardwareAcceleration">
+                    <input
+                      id="enableHardwareAcceleration"
+                      type="checkbox"
+                      aria-describedby="enableHardwareAccelerationHelp"
+                      formControlName="enableHardwareAcceleration"
+                      (change)="saveHardwareAcceleration()"
+                    />
+                    {{ "enableHardwareAcceleration" | i18n }}
+                  </label>
+                </div>
+                <small id="enableHardwareAccelerationHelp" class="help-block">{{
+                  "enableHardwareAccelerationDesc" | i18n
+                }}</small>
+              </div>
               <div class="form-group" *ngIf="showDuckDuckGoIntegrationOption">
                 <div class="checkbox">
                   <label for="enableDuckDuckGoBrowserIntegration">
diff --git a/apps/desktop/src/app/accounts/settings.component.ts b/apps/desktop/src/app/accounts/settings.component.ts
index e066d4ec2e..a613328878 100644
--- a/apps/desktop/src/app/accounts/settings.component.ts
+++ b/apps/desktop/src/app/accounts/settings.component.ts
@@ -23,7 +23,9 @@ import { ThemeStateService } from "@bitwarden/common/platform/theming/theme-stat
 import { DialogService } from "@bitwarden/components";
 
 import { SetPinComponent } from "../../auth/components/set-pin.component";
+import { DesktopAutofillSettingsService } from "../../autofill/services/desktop-autofill-settings.service";
 import { flagEnabled } from "../../platform/flags";
+import { DesktopSettingsService } from "../../platform/services/desktop-settings.service";
 
 @Component({
   selector: "app-settings",
@@ -40,7 +42,6 @@ export class SettingsComponent implements OnInit {
   themeOptions: any[];
   clearClipboardOptions: any[];
   supportsBiometric: boolean;
-  additionalBiometricSettingsText: string;
   showAlwaysShowDock = false;
   requireEnableTray = false;
   showDuckDuckGoIntegrationOption = false;
@@ -96,6 +97,7 @@ export class SettingsComponent implements OnInit {
       value: false,
       disabled: true,
     }),
+    enableHardwareAcceleration: true,
     enableDuckDuckGoBrowserIntegration: false,
     theme: [null as ThemeType | null],
     locale: [null as string | null],
@@ -118,7 +120,9 @@ export class SettingsComponent implements OnInit {
     private domainSettingsService: DomainSettingsService,
     private dialogService: DialogService,
     private userVerificationService: UserVerificationServiceAbstraction,
+    private desktopSettingsService: DesktopSettingsService,
     private biometricStateService: BiometricStateService,
+    private desktopAutofillSettingsService: DesktopAutofillSettingsService,
   ) {
     const isMac = this.platformUtilsService.getDevice() === DeviceType.MacOsDesktop;
 
@@ -250,17 +254,21 @@ export class SettingsComponent implements OnInit {
       clearClipboard: await firstValueFrom(this.autofillSettingsService.clearClipboardDelay$),
       minimizeOnCopyToClipboard: await this.stateService.getMinimizeOnCopyToClipboard(),
       enableFavicons: await firstValueFrom(this.domainSettingsService.showFavicons$),
-      enableTray: await this.stateService.getEnableTray(),
-      enableMinToTray: await this.stateService.getEnableMinimizeToTray(),
-      enableCloseToTray: await this.stateService.getEnableCloseToTray(),
-      startToTray: await this.stateService.getEnableStartToTray(),
-      openAtLogin: await this.stateService.getOpenAtLogin(),
-      alwaysShowDock: await this.stateService.getAlwaysShowDock(),
+      enableTray: await firstValueFrom(this.desktopSettingsService.trayEnabled$),
+      enableMinToTray: await firstValueFrom(this.desktopSettingsService.minimizeToTray$),
+      enableCloseToTray: await firstValueFrom(this.desktopSettingsService.closeToTray$),
+      startToTray: await firstValueFrom(this.desktopSettingsService.startToTray$),
+      openAtLogin: await firstValueFrom(this.desktopSettingsService.openAtLogin$),
+      alwaysShowDock: await firstValueFrom(this.desktopSettingsService.alwaysShowDock$),
       enableBrowserIntegration: await this.stateService.getEnableBrowserIntegration(),
       enableBrowserIntegrationFingerprint:
         await this.stateService.getEnableBrowserIntegrationFingerprint(),
-      enableDuckDuckGoBrowserIntegration:
-        await this.stateService.getEnableDuckDuckGoBrowserIntegration(),
+      enableDuckDuckGoBrowserIntegration: await firstValueFrom(
+        this.desktopAutofillSettingsService.enableDuckDuckGoBrowserIntegration$,
+      ),
+      enableHardwareAcceleration: await firstValueFrom(
+        this.desktopSettingsService.hardwareAcceleration$,
+      ),
       theme: await firstValueFrom(this.themeStateService.selectedTheme$),
       locale: await firstValueFrom(this.i18nService.userSetLocale$),
     };
@@ -274,10 +282,6 @@ export class SettingsComponent implements OnInit {
     this.showMinToTray = this.platformUtilsService.getDevice() !== DeviceType.LinuxDesktop;
     this.showAlwaysShowDock = this.platformUtilsService.getDevice() === DeviceType.MacOsDesktop;
     this.supportsBiometric = await this.platformUtilsService.supportsBiometric();
-    this.additionalBiometricSettingsText =
-      this.biometricText === "unlockWithTouchId"
-        ? "additionalTouchIdSettings"
-        : "additionalWindowsHelloSettings";
     this.previousVaultTimeout = this.form.value.vaultTimeout;
 
     this.refreshTimeoutSettings$
@@ -501,16 +505,16 @@ export class SettingsComponent implements OnInit {
   }
 
   async saveMinToTray() {
-    await this.stateService.setEnableMinimizeToTray(this.form.value.enableMinToTray);
+    await this.desktopSettingsService.setMinimizeToTray(this.form.value.enableMinToTray);
   }
 
   async saveCloseToTray() {
     if (this.requireEnableTray) {
       this.form.controls.enableTray.setValue(true);
-      await this.stateService.setEnableTray(this.form.value.enableTray);
+      await this.desktopSettingsService.setTrayEnabled(this.form.value.enableTray);
     }
 
-    await this.stateService.setEnableCloseToTray(this.form.value.enableCloseToTray);
+    await this.desktopSettingsService.setCloseToTray(this.form.value.enableCloseToTray);
   }
 
   async saveTray() {
@@ -527,9 +531,9 @@ export class SettingsComponent implements OnInit {
 
       if (confirm) {
         this.form.controls.startToTray.setValue(false, { emitEvent: false });
-        await this.stateService.setEnableStartToTray(this.form.value.startToTray);
+        await this.desktopSettingsService.setStartToTray(this.form.value.startToTray);
         this.form.controls.enableCloseToTray.setValue(false, { emitEvent: false });
-        await this.stateService.setEnableCloseToTray(this.form.value.enableCloseToTray);
+        await this.desktopSettingsService.setCloseToTray(this.form.value.enableCloseToTray);
       } else {
         this.form.controls.enableTray.setValue(true);
       }
@@ -537,17 +541,18 @@ export class SettingsComponent implements OnInit {
       return;
     }
 
-    await this.stateService.setEnableTray(this.form.value.enableTray);
+    await this.desktopSettingsService.setTrayEnabled(this.form.value.enableTray);
+    // TODO: Ideally the DesktopSettingsService.trayEnabled$ could be subscribed to instead of using messaging.
     this.messagingService.send(this.form.value.enableTray ? "showTray" : "removeTray");
   }
 
   async saveStartToTray() {
     if (this.requireEnableTray) {
       this.form.controls.enableTray.setValue(true);
-      await this.stateService.setEnableTray(this.form.value.enableTray);
+      await this.desktopSettingsService.setTrayEnabled(this.form.value.enableTray);
     }
 
-    await this.stateService.setEnableStartToTray(this.form.value.startToTray);
+    await this.desktopSettingsService.setStartToTray(this.form.value.startToTray);
   }
 
   async saveLocale() {
@@ -567,13 +572,12 @@ export class SettingsComponent implements OnInit {
   }
 
   async saveAlwaysShowDock() {
-    await this.stateService.setAlwaysShowDock(this.form.value.alwaysShowDock);
+    await this.desktopSettingsService.setAlwaysShowDock(this.form.value.alwaysShowDock);
   }
 
   async saveOpenAtLogin() {
-    // FIXME: Verify that this floating promise is intentional. If it is, add an explanatory comment and ensure there is proper error handling.
-    // eslint-disable-next-line @typescript-eslint/no-floating-promises
-    this.stateService.setOpenAtLogin(this.form.value.openAtLogin);
+    await this.desktopSettingsService.setOpenAtLogin(this.form.value.openAtLogin);
+    // TODO: Ideally DesktopSettingsService.openAtLogin$ could be subscribed to directly rather than sending a message
     this.messagingService.send(
       this.form.value.openAtLogin ? "addOpenAtLogin" : "removeOpenAtLogin",
     );
@@ -634,7 +638,7 @@ export class SettingsComponent implements OnInit {
   }
 
   async saveDdgBrowserIntegration() {
-    await this.stateService.setEnableDuckDuckGoBrowserIntegration(
+    await this.desktopAutofillSettingsService.setEnableDuckDuckGoBrowserIntegration(
       this.form.value.enableDuckDuckGoBrowserIntegration,
     );
 
@@ -655,6 +659,12 @@ export class SettingsComponent implements OnInit {
     );
   }
 
+  async saveHardwareAcceleration() {
+    await this.desktopSettingsService.setHardwareAcceleration(
+      this.form.value.enableHardwareAcceleration,
+    );
+  }
+
   async updateApproveLoginRequests() {
     await this.stateService.setApproveLoginRequests(this.form.value.approveLoginRequests);
   }
@@ -685,4 +695,15 @@ export class SettingsComponent implements OnInit {
         throw new Error("Unsupported platform");
     }
   }
+
+  get additionalBiometricSettingsText() {
+    switch (this.platformUtilsService.getDevice()) {
+      case DeviceType.MacOsDesktop:
+        return "additionalTouchIdSettings";
+      case DeviceType.WindowsDesktop:
+        return "additionalWindowsHelloSettings";
+      default:
+        throw new Error("Unsupported platform");
+    }
+  }
 }
diff --git a/apps/desktop/src/app/app.component.ts b/apps/desktop/src/app/app.component.ts
index fa396ab313..4e74135c49 100644
--- a/apps/desktop/src/app/app.component.ts
+++ b/apps/desktop/src/app/app.component.ts
@@ -31,7 +31,7 @@ import { AuthenticationStatus } from "@bitwarden/common/auth/enums/authenticatio
 import { ForceSetPasswordReason } from "@bitwarden/common/auth/models/domain/force-set-password-reason";
 import { VaultTimeoutAction } from "@bitwarden/common/enums/vault-timeout-action.enum";
 import { BroadcasterService } from "@bitwarden/common/platform/abstractions/broadcaster.service";
-import { ConfigServiceAbstraction } from "@bitwarden/common/platform/abstractions/config/config.service.abstraction";
+import { ConfigService } from "@bitwarden/common/platform/abstractions/config/config.service";
 import { CryptoService } from "@bitwarden/common/platform/abstractions/crypto.service";
 import { I18nService } from "@bitwarden/common/platform/abstractions/i18n.service";
 import { LogService } from "@bitwarden/common/platform/abstractions/log.service";
@@ -147,7 +147,7 @@ export class AppComponent implements OnInit, OnDestroy {
     private modalService: ModalService,
     private keyConnectorService: KeyConnectorService,
     private userVerificationService: UserVerificationService,
-    private configService: ConfigServiceAbstraction,
+    private configService: ConfigService,
     private dialogService: DialogService,
     private biometricStateService: BiometricStateService,
     private stateEventRunnerService: StateEventRunnerService,
@@ -265,7 +265,7 @@ export class AppComponent implements OnInit, OnDestroy {
               // FIXME: Verify that this floating promise is intentional. If it is, add an explanatory comment and ensure there is proper error handling.
               // eslint-disable-next-line @typescript-eslint/no-floating-promises
               this.updateAppMenu();
-              this.configService.triggerServerConfigFetch();
+              await this.configService.ensureConfigFetched();
             }
             break;
           case "openSettings":
@@ -584,7 +584,6 @@ export class AppComponent implements OnInit, OnDestroy {
       await this.passwordGenerationService.clear(userBeingLoggedOut);
       await this.vaultTimeoutSettingsService.clear(userBeingLoggedOut);
       await this.policyService.clear(userBeingLoggedOut);
-      await this.keyConnectorService.clear();
       await this.biometricStateService.logout(userBeingLoggedOut as UserId);
       await this.providerService.save(null, userBeingLoggedOut as UserId);
 
diff --git a/apps/desktop/src/app/app.module.ts b/apps/desktop/src/app/app.module.ts
index 6317b6aaaf..de228d0399 100644
--- a/apps/desktop/src/app/app.module.ts
+++ b/apps/desktop/src/app/app.module.ts
@@ -7,7 +7,8 @@ import { NgModule } from "@angular/core";
 
 import { ColorPasswordCountPipe } from "@bitwarden/angular/pipes/color-password-count.pipe";
 import { ColorPasswordPipe } from "@bitwarden/angular/pipes/color-password.pipe";
-import { DialogModule } from "@bitwarden/components";
+import { DialogModule, CalloutModule } from "@bitwarden/components";
+import { ExportScopeCalloutComponent } from "@bitwarden/vault-export-ui";
 
 import { AccessibilityCookieComponent } from "../auth/accessibility-cookie.component";
 import { DeleteAccountComponent } from "../auth/delete-account.component";
@@ -59,8 +60,10 @@ import { SendComponent } from "./tools/send/send.component";
     VaultFilterModule,
     LoginModule,
     DialogModule,
+    CalloutModule,
     DeleteAccountComponent,
     UserVerificationComponent,
+    ExportScopeCalloutComponent,
   ],
   declarations: [
     AccessibilityCookieComponent,
diff --git a/apps/desktop/src/app/layout/account-switcher.component.ts b/apps/desktop/src/app/layout/account-switcher.component.ts
index 795870b305..4e39ab0029 100644
--- a/apps/desktop/src/app/layout/account-switcher.component.ts
+++ b/apps/desktop/src/app/layout/account-switcher.component.ts
@@ -4,6 +4,7 @@ import { Component, OnDestroy, OnInit } from "@angular/core";
 import { Router } from "@angular/router";
 import { concatMap, firstValueFrom, Subject, takeUntil } from "rxjs";
 
+import { LoginEmailServiceAbstraction } from "@bitwarden/auth/common";
 import { AuthService } from "@bitwarden/common/auth/abstractions/auth.service";
 import { AvatarService } from "@bitwarden/common/auth/abstractions/avatar.service";
 import { TokenService } from "@bitwarden/common/auth/abstractions/token.service";
@@ -91,6 +92,7 @@ export class AccountSwitcherComponent implements OnInit, OnDestroy {
     private router: Router,
     private tokenService: TokenService,
     private environmentService: EnvironmentService,
+    private loginEmailService: LoginEmailServiceAbstraction,
   ) {}
 
   async ngOnInit(): Promise<void> {
@@ -105,7 +107,7 @@ export class AccountSwitcherComponent implements OnInit, OnDestroy {
               name: (await this.tokenService.getName()) ?? (await this.tokenService.getEmail()),
               email: await this.tokenService.getEmail(),
               avatarColor: await firstValueFrom(this.avatarService.avatarColor$),
-              server: await this.environmentService.getHost(),
+              server: (await this.environmentService.getEnvironment())?.getHostname(),
             };
           } catch {
             this.activeAccount = undefined;
@@ -137,7 +139,10 @@ export class AccountSwitcherComponent implements OnInit, OnDestroy {
 
   async addAccount() {
     this.close();
-    await this.stateService.setRememberedEmail(null);
+
+    this.loginEmailService.setRememberEmail(false);
+    await this.loginEmailService.saveEmailSettings();
+
     await this.router.navigate(["/login"]);
     await this.stateService.setActiveUser(null);
   }
@@ -158,7 +163,7 @@ export class AccountSwitcherComponent implements OnInit, OnDestroy {
         email: baseAccounts[userId].profile.email,
         authenticationStatus: await this.authService.getAuthStatus(userId),
         avatarColor: await firstValueFrom(this.avatarService.getUserAvatarColor$(userId as UserId)),
-        server: await this.environmentService.getHost(userId),
+        server: (await this.environmentService.getEnvironment(userId))?.getHostname(),
       };
     }
 
diff --git a/apps/desktop/src/app/services/init.service.ts b/apps/desktop/src/app/services/init.service.ts
index a29dadff30..d1a83d468c 100644
--- a/apps/desktop/src/app/services/init.service.ts
+++ b/apps/desktop/src/app/services/init.service.ts
@@ -8,11 +8,9 @@ import { NotificationsService as NotificationsServiceAbstraction } from "@bitwar
 import { TwoFactorService as TwoFactorServiceAbstraction } from "@bitwarden/common/auth/abstractions/two-factor.service";
 import { CryptoService as CryptoServiceAbstraction } from "@bitwarden/common/platform/abstractions/crypto.service";
 import { EncryptService } from "@bitwarden/common/platform/abstractions/encrypt.service";
-import { EnvironmentService as EnvironmentServiceAbstraction } from "@bitwarden/common/platform/abstractions/environment.service";
 import { I18nService as I18nServiceAbstraction } from "@bitwarden/common/platform/abstractions/i18n.service";
 import { PlatformUtilsService as PlatformUtilsServiceAbstraction } from "@bitwarden/common/platform/abstractions/platform-utils.service";
 import { StateService as StateServiceAbstraction } from "@bitwarden/common/platform/abstractions/state.service";
-import { ConfigService } from "@bitwarden/common/platform/services/config/config.service";
 import { ContainerService } from "@bitwarden/common/platform/services/container.service";
 import { EventUploadService } from "@bitwarden/common/services/event/event-upload.service";
 import { VaultTimeoutService } from "@bitwarden/common/services/vault-timeout/vault-timeout.service";
@@ -25,7 +23,6 @@ import { NativeMessagingService } from "../../services/native-messaging.service"
 export class InitService {
   constructor(
     @Inject(WINDOW) private win: Window,
-    private environmentService: EnvironmentServiceAbstraction,
     private syncService: SyncServiceAbstraction,
     private vaultTimeoutService: VaultTimeoutService,
     private i18nService: I18nServiceAbstraction,
@@ -38,7 +35,6 @@ export class InitService {
     private nativeMessagingService: NativeMessagingService,
     private themingService: AbstractThemingService,
     private encryptService: EncryptService,
-    private configService: ConfigService,
     @Inject(DOCUMENT) private document: Document,
   ) {}
 
@@ -46,10 +42,6 @@ export class InitService {
     return async () => {
       this.nativeMessagingService.init();
       await this.stateService.init({ runMigrations: false }); // Desktop will run them in main process
-      await this.environmentService.setUrlsFromStorage();
-      // Workaround to ignore stateService.activeAccount until URLs are set
-      // TODO: Remove this when implementing ticket PM-2637
-      this.environmentService.initialized = true;
       // FIXME: Verify that this floating promise is intentional. If it is, add an explanatory comment and ensure there is proper error handling.
       // eslint-disable-next-line @typescript-eslint/no-floating-promises
       this.syncService.fullSync(true);
@@ -61,23 +53,9 @@ export class InitService {
       const htmlEl = this.win.document.documentElement;
       htmlEl.classList.add("os_" + this.platformUtilsService.getDeviceString());
       this.themingService.applyThemeChangesTo(this.document);
-      let installAction = null;
-      const installedVersion = await this.stateService.getInstalledVersion();
-      const currentVersion = await this.platformUtilsService.getApplicationVersion();
-      if (installedVersion == null) {
-        installAction = "install";
-      } else if (installedVersion !== currentVersion) {
-        installAction = "update";
-      }
-
-      if (installAction != null) {
-        await this.stateService.setInstalledVersion(currentVersion);
-      }
 
       const containerService = new ContainerService(this.cryptoService, this.encryptService);
       containerService.attachToGlobal(this.win);
-
-      this.configService.init();
     };
   }
 }
diff --git a/apps/desktop/src/app/services/services.module.ts b/apps/desktop/src/app/services/services.module.ts
index 3a8457da7a..84932ce7d9 100644
--- a/apps/desktop/src/app/services/services.module.ts
+++ b/apps/desktop/src/app/services/services.module.ts
@@ -1,8 +1,8 @@
-import { APP_INITIALIZER, InjectionToken, NgModule } from "@angular/core";
+import { APP_INITIALIZER, NgModule } from "@angular/core";
 
+import { SafeProvider, safeProvider } from "@bitwarden/angular/platform/utils/safe-provider";
 import {
   SECURE_STORAGE,
-  STATE_FACTORY,
   STATE_SERVICE_USE_CACHE,
   LOCALES_DIRECTORY,
   SYSTEM_LANGUAGE,
@@ -12,15 +12,15 @@ import {
   WINDOW,
   SUPPORTS_SECURE_STORAGE,
   SYSTEM_THEME_OBSERVABLE,
+  SafeInjectionToken,
+  STATE_FACTORY,
 } from "@bitwarden/angular/services/injection-tokens";
 import { JslibServicesModule } from "@bitwarden/angular/services/jslib-services.module";
 import { VaultTimeoutSettingsService } from "@bitwarden/common/abstractions/vault-timeout/vault-timeout-settings.service";
 import { PolicyService as PolicyServiceAbstraction } from "@bitwarden/common/admin-console/abstractions/policy/policy.service.abstraction";
 import { AccountService as AccountServiceAbstraction } from "@bitwarden/common/auth/abstractions/account.service";
 import { AuthService as AuthServiceAbstraction } from "@bitwarden/common/auth/abstractions/auth.service";
-import { LoginService as LoginServiceAbstraction } from "@bitwarden/common/auth/abstractions/login.service";
 import { TokenService } from "@bitwarden/common/auth/abstractions/token.service";
-import { LoginService } from "@bitwarden/common/auth/services/login.service";
 import { AutofillSettingsServiceAbstraction } from "@bitwarden/common/autofill/services/autofill-settings.service";
 import { BroadcasterService as BroadcasterServiceAbstraction } from "@bitwarden/common/platform/abstractions/broadcaster.service";
 import { CryptoFunctionService as CryptoFunctionServiceAbstraction } from "@bitwarden/common/platform/abstractions/crypto-function.service";
@@ -53,7 +53,9 @@ import { CipherService as CipherServiceAbstraction } from "@bitwarden/common/vau
 import { DialogService } from "@bitwarden/components";
 
 import { LoginGuard } from "../../auth/guards/login.guard";
+import { DesktopAutofillSettingsService } from "../../autofill/services/desktop-autofill-settings.service";
 import { Account } from "../../models/account";
+import { DesktopSettingsService } from "../../platform/services/desktop-settings.service";
 import { ElectronCryptoService } from "../../platform/services/electron-crypto.service";
 import { ElectronLogRendererService } from "../../platform/services/electron-log.renderer.service";
 import {
@@ -75,143 +77,182 @@ import { DesktopFileDownloadService } from "./desktop-file-download.service";
 import { InitService } from "./init.service";
 import { RendererCryptoFunctionService } from "./renderer-crypto-function.service";
 
-const RELOAD_CALLBACK = new InjectionToken<() => any>("RELOAD_CALLBACK");
+const RELOAD_CALLBACK = new SafeInjectionToken<() => any>("RELOAD_CALLBACK");
+
+// Desktop has its own Account definition which must be used in its StateService
+const DESKTOP_STATE_FACTORY = new SafeInjectionToken<StateFactory<GlobalState, Account>>(
+  "DESKTOP_STATE_FACTORY",
+);
+
+/**
+ * Provider definitions used in the ngModule.
+ * Add your provider definition here using the safeProvider function as a wrapper. This will give you type safety.
+ * If you need help please ask for it, do NOT change the type of this array.
+ */
+const safeProviders: SafeProvider[] = [
+  safeProvider(InitService),
+  safeProvider(NativeMessagingService),
+  safeProvider(SearchBarService),
+  safeProvider(LoginGuard),
+  safeProvider(DialogService),
+  safeProvider({
+    provide: APP_INITIALIZER as SafeInjectionToken<() => void>,
+    useFactory: (initService: InitService) => initService.init(),
+    deps: [InitService],
+    multi: true,
+  }),
+  safeProvider({
+    provide: DESKTOP_STATE_FACTORY,
+    useValue: new StateFactory(GlobalState, Account),
+  }),
+  safeProvider({
+    provide: STATE_FACTORY,
+    useValue: null,
+  }),
+  safeProvider({
+    provide: RELOAD_CALLBACK,
+    useValue: null,
+  }),
+  safeProvider({
+    provide: LogServiceAbstraction,
+    useClass: ElectronLogRendererService,
+    deps: [],
+  }),
+  safeProvider({
+    provide: PlatformUtilsServiceAbstraction,
+    useClass: ElectronPlatformUtilsService,
+    deps: [I18nServiceAbstraction, MessagingServiceAbstraction],
+  }),
+  safeProvider({
+    // We manually override the value of SUPPORTS_SECURE_STORAGE here to avoid
+    // the TokenService having to inject the PlatformUtilsService which introduces a
+    // circular dependency on Desktop only.
+    provide: SUPPORTS_SECURE_STORAGE,
+    useValue: ELECTRON_SUPPORTS_SECURE_STORAGE,
+  }),
+  safeProvider({
+    provide: I18nServiceAbstraction,
+    useClass: I18nRendererService,
+    deps: [SYSTEM_LANGUAGE, LOCALES_DIRECTORY, GlobalStateProvider],
+  }),
+  safeProvider({
+    provide: MessagingServiceAbstraction,
+    useClass: ElectronRendererMessagingService,
+    deps: [BroadcasterServiceAbstraction],
+  }),
+  safeProvider({
+    provide: AbstractStorageService,
+    useClass: ElectronRendererStorageService,
+    deps: [],
+  }),
+  safeProvider({
+    provide: SECURE_STORAGE,
+    useClass: ElectronRendererSecureStorageService,
+    deps: [],
+  }),
+  safeProvider({ provide: MEMORY_STORAGE, useClass: MemoryStorageService, deps: [] }),
+  safeProvider({
+    provide: OBSERVABLE_MEMORY_STORAGE,
+    useClass: MemoryStorageServiceForStateProviders,
+    deps: [],
+  }),
+  safeProvider({ provide: OBSERVABLE_DISK_STORAGE, useExisting: AbstractStorageService }),
+  safeProvider({
+    provide: SystemServiceAbstraction,
+    useClass: SystemService,
+    deps: [
+      MessagingServiceAbstraction,
+      PlatformUtilsServiceAbstraction,
+      RELOAD_CALLBACK,
+      StateServiceAbstraction,
+      AutofillSettingsServiceAbstraction,
+      VaultTimeoutSettingsService,
+      BiometricStateService,
+    ],
+  }),
+  safeProvider({
+    provide: StateServiceAbstraction,
+    useClass: ElectronStateService,
+    deps: [
+      AbstractStorageService,
+      SECURE_STORAGE,
+      MEMORY_STORAGE,
+      LogService,
+      DESKTOP_STATE_FACTORY,
+      AccountServiceAbstraction,
+      EnvironmentService,
+      TokenService,
+      MigrationRunner,
+      STATE_SERVICE_USE_CACHE,
+    ],
+  }),
+  safeProvider({
+    provide: FileDownloadService,
+    useClass: DesktopFileDownloadService,
+    deps: [],
+  }),
+  safeProvider({
+    provide: SYSTEM_THEME_OBSERVABLE,
+    useFactory: () => fromIpcSystemTheme(),
+    deps: [],
+  }),
+  safeProvider({
+    provide: EncryptedMessageHandlerService,
+    deps: [
+      StateServiceAbstraction,
+      AuthServiceAbstraction,
+      CipherServiceAbstraction,
+      PolicyServiceAbstraction,
+      MessagingServiceAbstraction,
+      PasswordGenerationServiceAbstraction,
+    ],
+  }),
+  safeProvider({
+    provide: NativeMessageHandlerService,
+    deps: [
+      StateServiceAbstraction,
+      CryptoServiceAbstraction,
+      CryptoFunctionServiceAbstraction,
+      MessagingServiceAbstraction,
+      EncryptedMessageHandlerService,
+      DialogService,
+      DesktopAutofillSettingsService,
+    ],
+  }),
+  safeProvider({
+    provide: CryptoFunctionServiceAbstraction,
+    useClass: RendererCryptoFunctionService,
+    deps: [WINDOW],
+  }),
+  safeProvider({
+    provide: CryptoServiceAbstraction,
+    useClass: ElectronCryptoService,
+    deps: [
+      KeyGenerationServiceAbstraction,
+      CryptoFunctionServiceAbstraction,
+      EncryptService,
+      PlatformUtilsServiceAbstraction,
+      LogService,
+      StateServiceAbstraction,
+      AccountServiceAbstraction,
+      StateProvider,
+      BiometricStateService,
+    ],
+  }),
+  safeProvider({
+    provide: DesktopSettingsService,
+    deps: [StateProvider],
+  }),
+  safeProvider({
+    provide: DesktopAutofillSettingsService,
+    deps: [StateProvider],
+  }),
+];
 
 @NgModule({
   imports: [JslibServicesModule],
   declarations: [],
-  providers: [
-    InitService,
-    NativeMessagingService,
-    SearchBarService,
-    LoginGuard,
-    DialogService,
-    {
-      provide: APP_INITIALIZER,
-      useFactory: (initService: InitService) => initService.init(),
-      deps: [InitService],
-      multi: true,
-    },
-    {
-      provide: STATE_FACTORY,
-      useValue: new StateFactory(GlobalState, Account),
-    },
-    {
-      provide: RELOAD_CALLBACK,
-      useValue: null,
-    },
-    { provide: LogServiceAbstraction, useClass: ElectronLogRendererService, deps: [] },
-    {
-      provide: PlatformUtilsServiceAbstraction,
-      useClass: ElectronPlatformUtilsService,
-      deps: [I18nServiceAbstraction, MessagingServiceAbstraction],
-    },
-    {
-      // We manually override the value of SUPPORTS_SECURE_STORAGE here to avoid
-      // the TokenService having to inject the PlatformUtilsService which introduces a
-      // circular dependency on Desktop only.
-      provide: SUPPORTS_SECURE_STORAGE,
-      useValue: ELECTRON_SUPPORTS_SECURE_STORAGE,
-    },
-    {
-      provide: I18nServiceAbstraction,
-      useClass: I18nRendererService,
-      deps: [SYSTEM_LANGUAGE, LOCALES_DIRECTORY, GlobalStateProvider],
-    },
-    {
-      provide: MessagingServiceAbstraction,
-      useClass: ElectronRendererMessagingService,
-      deps: [BroadcasterServiceAbstraction],
-    },
-    { provide: AbstractStorageService, useClass: ElectronRendererStorageService },
-    { provide: SECURE_STORAGE, useClass: ElectronRendererSecureStorageService },
-    { provide: MEMORY_STORAGE, useClass: MemoryStorageService },
-    { provide: OBSERVABLE_MEMORY_STORAGE, useClass: MemoryStorageServiceForStateProviders },
-    { provide: OBSERVABLE_DISK_STORAGE, useExisting: AbstractStorageService },
-    {
-      provide: SystemServiceAbstraction,
-      useClass: SystemService,
-      deps: [
-        MessagingServiceAbstraction,
-        PlatformUtilsServiceAbstraction,
-        RELOAD_CALLBACK,
-        StateServiceAbstraction,
-        AutofillSettingsServiceAbstraction,
-        VaultTimeoutSettingsService,
-        BiometricStateService,
-      ],
-    },
-    {
-      provide: StateServiceAbstraction,
-      useClass: ElectronStateService,
-      deps: [
-        AbstractStorageService,
-        SECURE_STORAGE,
-        MEMORY_STORAGE,
-        LogService,
-        STATE_FACTORY,
-        AccountServiceAbstraction,
-        EnvironmentService,
-        TokenService,
-        MigrationRunner,
-        STATE_SERVICE_USE_CACHE,
-      ],
-    },
-    {
-      provide: FileDownloadService,
-      useClass: DesktopFileDownloadService,
-    },
-    {
-      provide: SYSTEM_THEME_OBSERVABLE,
-      useFactory: () => fromIpcSystemTheme(),
-    },
-    {
-      provide: EncryptedMessageHandlerService,
-      deps: [
-        StateServiceAbstraction,
-        AuthServiceAbstraction,
-        CipherServiceAbstraction,
-        PolicyServiceAbstraction,
-        MessagingServiceAbstraction,
-        PasswordGenerationServiceAbstraction,
-      ],
-    },
-    {
-      provide: NativeMessageHandlerService,
-      deps: [
-        StateServiceAbstraction,
-        CryptoServiceAbstraction,
-        CryptoFunctionServiceAbstraction,
-        MessagingServiceAbstraction,
-        EncryptedMessageHandlerService,
-        DialogService,
-      ],
-    },
-    {
-      provide: LoginServiceAbstraction,
-      useClass: LoginService,
-      deps: [StateServiceAbstraction],
-    },
-    {
-      provide: CryptoFunctionServiceAbstraction,
-      useClass: RendererCryptoFunctionService,
-      deps: [WINDOW],
-    },
-    {
-      provide: CryptoServiceAbstraction,
-      useClass: ElectronCryptoService,
-      deps: [
-        KeyGenerationServiceAbstraction,
-        CryptoFunctionServiceAbstraction,
-        EncryptService,
-        PlatformUtilsServiceAbstraction,
-        LogService,
-        StateServiceAbstraction,
-        AccountServiceAbstraction,
-        StateProvider,
-        BiometricStateService,
-      ],
-    },
-  ],
+  // Do not register your dependency here! Add it to the typesafeProviders array using the helper function
+  providers: safeProviders,
 })
 export class ServicesModule {}
diff --git a/apps/desktop/src/app/tools/export/export.component.html b/apps/desktop/src/app/tools/export/export.component.html
index 8b3af4f1da..0058a0925c 100644
--- a/apps/desktop/src/app/tools/export/export.component.html
+++ b/apps/desktop/src/app/tools/export/export.component.html
@@ -2,14 +2,14 @@
   <div class="modal-dialog" role="document">
     <form class="modal-content" #form (ngSubmit)="submit()" [formGroup]="exportForm">
       <div class="modal-body">
-        <app-callout
+        <bit-callout
           type="warning"
           title="{{ 'vaultExportDisabled' | i18n }}"
           *ngIf="disabledByPolicy"
         >
           {{ "personalVaultExportPolicyInEffect" | i18n }}
-        </app-callout>
-        <app-export-scope-callout *ngIf="!disabledByPolicy"></app-export-scope-callout>
+        </bit-callout>
+        <tools-export-scope-callout *ngIf="!disabledByPolicy"></tools-export-scope-callout>
         <div class="box">
           <h1 class="box-header" id="exportTitle">
             {{ "exportVault" | i18n }}
diff --git a/apps/desktop/src/app/tools/export/export.component.ts b/apps/desktop/src/app/tools/export/export.component.ts
index 3a740122eb..80ae3c80f9 100644
--- a/apps/desktop/src/app/tools/export/export.component.ts
+++ b/apps/desktop/src/app/tools/export/export.component.ts
@@ -1,7 +1,6 @@
 import { Component, OnInit } from "@angular/core";
 import { UntypedFormBuilder } from "@angular/forms";
 
-import { ExportComponent as BaseExportComponent } from "@bitwarden/angular/tools/export/components/export.component";
 import { EventCollectionService } from "@bitwarden/common/abstractions/event/event-collection.service";
 import { OrganizationService } from "@bitwarden/common/admin-console/abstractions/organization/organization.service.abstraction";
 import { PolicyService } from "@bitwarden/common/admin-console/abstractions/policy/policy.service.abstraction";
@@ -12,6 +11,7 @@ import { LogService } from "@bitwarden/common/platform/abstractions/log.service"
 import { PlatformUtilsService } from "@bitwarden/common/platform/abstractions/platform-utils.service";
 import { DialogService } from "@bitwarden/components";
 import { VaultExportServiceAbstraction } from "@bitwarden/vault-export-core";
+import { ExportComponent as BaseExportComponent } from "@bitwarden/vault-export-ui";
 
 @Component({
   selector: "app-export",
diff --git a/apps/desktop/src/app/tools/generator.component.html b/apps/desktop/src/app/tools/generator.component.html
index aa77aafc14..9af67522de 100644
--- a/apps/desktop/src/app/tools/generator.component.html
+++ b/apps/desktop/src/app/tools/generator.component.html
@@ -5,12 +5,12 @@
         <h1 class="modal-title" id="generatorTitle">
           {{ "generator" | i18n }}
         </h1>
-        <app-callout
+        <bit-callout
           type="info"
           *ngIf="enforcedPasswordPolicyOptions?.inEffect() && type === 'password'"
         >
           {{ "passwordGeneratorPolicyInEffect" | i18n }}
-        </app-callout>
+        </bit-callout>
         <div class="generated-block" *ngIf="type === 'password'">
           <div
             class="generated-wrapper"
diff --git a/apps/desktop/src/app/tools/send/add-edit.component.html b/apps/desktop/src/app/tools/send/add-edit.component.html
index cc1169bc79..3d8231d07c 100644
--- a/apps/desktop/src/app/tools/send/add-edit.component.html
+++ b/apps/desktop/src/app/tools/send/add-edit.component.html
@@ -2,12 +2,12 @@
   <div class="content">
     <div class="inner-content" *ngIf="send">
       <div class="box">
-        <app-callout *ngIf="disableSend">
+        <bit-callout *ngIf="disableSend">
           <span>{{ "sendDisabledWarning" | i18n }}</span>
-        </app-callout>
-        <app-callout type="info" *ngIf="disableHideEmail && !disableSend">
+        </bit-callout>
+        <bit-callout type="info" *ngIf="disableHideEmail && !disableSend">
           {{ "sendOptionsPolicyInEffect" | i18n }}
-        </app-callout>
+        </bit-callout>
       </div>
       <div class="box">
         <h2 class="box-header">
diff --git a/apps/desktop/src/auth/hint.component.ts b/apps/desktop/src/auth/hint.component.ts
index 5eeeb8106e..cee1f18981 100644
--- a/apps/desktop/src/auth/hint.component.ts
+++ b/apps/desktop/src/auth/hint.component.ts
@@ -2,8 +2,8 @@ import { Component } from "@angular/core";
 import { Router } from "@angular/router";
 
 import { HintComponent as BaseHintComponent } from "@bitwarden/angular/auth/components/hint.component";
+import { LoginEmailServiceAbstraction } from "@bitwarden/auth/common";
 import { ApiService } from "@bitwarden/common/abstractions/api.service";
-import { LoginService } from "@bitwarden/common/auth/abstractions/login.service";
 import { I18nService } from "@bitwarden/common/platform/abstractions/i18n.service";
 import { LogService } from "@bitwarden/common/platform/abstractions/log.service";
 import { PlatformUtilsService } from "@bitwarden/common/platform/abstractions/platform-utils.service";
@@ -19,8 +19,8 @@ export class HintComponent extends BaseHintComponent {
     i18nService: I18nService,
     apiService: ApiService,
     logService: LogService,
-    loginService: LoginService,
+    loginEmailService: LoginEmailServiceAbstraction,
   ) {
-    super(router, i18nService, apiService, platformUtilsService, logService, loginService);
+    super(router, i18nService, apiService, platformUtilsService, logService, loginEmailService);
   }
 }
diff --git a/apps/desktop/src/auth/lock.component.spec.ts b/apps/desktop/src/auth/lock.component.spec.ts
index 6ecf93deb8..0339889bf7 100644
--- a/apps/desktop/src/auth/lock.component.spec.ts
+++ b/apps/desktop/src/auth/lock.component.spec.ts
@@ -12,6 +12,7 @@ import { VaultTimeoutSettingsService } from "@bitwarden/common/abstractions/vaul
 import { VaultTimeoutService } from "@bitwarden/common/abstractions/vault-timeout/vault-timeout.service";
 import { PolicyApiServiceAbstraction } from "@bitwarden/common/admin-console/abstractions/policy/policy-api.service.abstraction";
 import { InternalPolicyService } from "@bitwarden/common/admin-console/abstractions/policy/policy.service.abstraction";
+import { AccountService } from "@bitwarden/common/auth/abstractions/account.service";
 import { DeviceTrustCryptoServiceAbstraction } from "@bitwarden/common/auth/abstractions/device-trust-crypto.service.abstraction";
 import { UserVerificationService } from "@bitwarden/common/auth/abstractions/user-verification/user-verification.service.abstraction";
 import { BroadcasterService } from "@bitwarden/common/platform/abstractions/broadcaster.service";
@@ -23,7 +24,10 @@ import { MessagingService } from "@bitwarden/common/platform/abstractions/messag
 import { PlatformUtilsService } from "@bitwarden/common/platform/abstractions/platform-utils.service";
 import { StateService } from "@bitwarden/common/platform/abstractions/state.service";
 import { BiometricStateService } from "@bitwarden/common/platform/biometrics/biometric-state.service";
+import { Utils } from "@bitwarden/common/platform/misc/utils";
+import { FakeAccountService, mockAccountServiceWith } from "@bitwarden/common/spec";
 import { PasswordStrengthServiceAbstraction } from "@bitwarden/common/tools/password-strength";
+import { UserId } from "@bitwarden/common/types/guid";
 import { DialogService } from "@bitwarden/components";
 
 import { LockComponent } from "./lock.component";
@@ -49,6 +53,9 @@ describe("LockComponent", () => {
   let platformUtilsServiceMock: MockProxy<PlatformUtilsService>;
   let activatedRouteMock: MockProxy<ActivatedRoute>;
 
+  const mockUserId = Utils.newGuid() as UserId;
+  const accountService: FakeAccountService = mockAccountServiceWith(mockUserId);
+
   beforeEach(async () => {
     stateServiceMock = mock<StateService>();
     stateServiceMock.activeAccount$ = of(null);
@@ -147,6 +154,10 @@ describe("LockComponent", () => {
           provide: BiometricStateService,
           useValue: biometricStateService,
         },
+        {
+          provide: AccountService,
+          useValue: accountService,
+        },
       ],
       schemas: [NO_ERRORS_SCHEMA],
     }).compileComponents();
diff --git a/apps/desktop/src/auth/lock.component.ts b/apps/desktop/src/auth/lock.component.ts
index 7403f7481d..8b1448c06f 100644
--- a/apps/desktop/src/auth/lock.component.ts
+++ b/apps/desktop/src/auth/lock.component.ts
@@ -9,6 +9,7 @@ import { VaultTimeoutSettingsService } from "@bitwarden/common/abstractions/vaul
 import { VaultTimeoutService } from "@bitwarden/common/abstractions/vault-timeout/vault-timeout.service";
 import { PolicyApiServiceAbstraction } from "@bitwarden/common/admin-console/abstractions/policy/policy-api.service.abstraction";
 import { InternalPolicyService } from "@bitwarden/common/admin-console/abstractions/policy/policy.service.abstraction";
+import { AccountService } from "@bitwarden/common/auth/abstractions/account.service";
 import { DeviceTrustCryptoServiceAbstraction } from "@bitwarden/common/auth/abstractions/device-trust-crypto.service.abstraction";
 import { UserVerificationService } from "@bitwarden/common/auth/abstractions/user-verification/user-verification.service.abstraction";
 import { DeviceType } from "@bitwarden/common/enums";
@@ -59,6 +60,7 @@ export class LockComponent extends BaseLockComponent {
     userVerificationService: UserVerificationService,
     pinCryptoService: PinCryptoServiceAbstraction,
     biometricStateService: BiometricStateService,
+    accountService: AccountService,
   ) {
     super(
       router,
@@ -81,6 +83,7 @@ export class LockComponent extends BaseLockComponent {
       userVerificationService,
       pinCryptoService,
       biometricStateService,
+      accountService,
     );
   }
 
diff --git a/apps/desktop/src/auth/login/login-via-auth-request.component.ts b/apps/desktop/src/auth/login/login-via-auth-request.component.ts
index b4242c36fb..0a339030ba 100644
--- a/apps/desktop/src/auth/login/login-via-auth-request.component.ts
+++ b/apps/desktop/src/auth/login/login-via-auth-request.component.ts
@@ -1,5 +1,5 @@
 import { Location } from "@angular/common";
-import { Component, OnDestroy, OnInit, ViewChild, ViewContainerRef } from "@angular/core";
+import { Component, ViewChild, ViewContainerRef } from "@angular/core";
 import { Router } from "@angular/router";
 
 import { LoginViaAuthRequestComponent as BaseLoginWithDeviceComponent } from "@bitwarden/angular/auth/components/login-via-auth-request.component";
@@ -7,12 +7,13 @@ import { ModalService } from "@bitwarden/angular/services/modal.service";
 import {
   AuthRequestServiceAbstraction,
   LoginStrategyServiceAbstraction,
+  LoginEmailServiceAbstraction,
 } from "@bitwarden/auth/common";
 import { ApiService } from "@bitwarden/common/abstractions/api.service";
+import { AccountService } from "@bitwarden/common/auth/abstractions/account.service";
 import { AnonymousHubService } from "@bitwarden/common/auth/abstractions/anonymous-hub.service";
 import { AuthService } from "@bitwarden/common/auth/abstractions/auth.service";
 import { DeviceTrustCryptoServiceAbstraction } from "@bitwarden/common/auth/abstractions/device-trust-crypto.service.abstraction";
-import { LoginService } from "@bitwarden/common/auth/abstractions/login.service";
 import { AppIdService } from "@bitwarden/common/platform/abstractions/app-id.service";
 import { CryptoFunctionService } from "@bitwarden/common/platform/abstractions/crypto-function.service";
 import { CryptoService } from "@bitwarden/common/platform/abstractions/crypto.service";
@@ -31,10 +32,7 @@ import { EnvironmentComponent } from "../environment.component";
   selector: "app-login-via-auth-request",
   templateUrl: "login-via-auth-request.component.html",
 })
-export class LoginViaAuthRequestComponent
-  extends BaseLoginWithDeviceComponent
-  implements OnInit, OnDestroy
-{
+export class LoginViaAuthRequestComponent extends BaseLoginWithDeviceComponent {
   @ViewChild("environment", { read: ViewContainerRef, static: true })
   environmentModal: ViewContainerRef;
   showingModal = false;
@@ -56,10 +54,11 @@ export class LoginViaAuthRequestComponent
     private modalService: ModalService,
     syncService: SyncService,
     stateService: StateService,
-    loginService: LoginService,
+    loginEmailService: LoginEmailServiceAbstraction,
     deviceTrustCryptoService: DeviceTrustCryptoServiceAbstraction,
     authRequestService: AuthRequestServiceAbstraction,
     loginStrategyService: LoginStrategyServiceAbstraction,
+    accountService: AccountService,
     private location: Location,
   ) {
     super(
@@ -77,10 +76,11 @@ export class LoginViaAuthRequestComponent
       anonymousHubService,
       validationService,
       stateService,
-      loginService,
+      loginEmailService,
       deviceTrustCryptoService,
       authRequestService,
       loginStrategyService,
+      accountService,
     );
 
     super.onSuccessfulLogin = () => {
@@ -109,10 +109,6 @@ export class LoginViaAuthRequestComponent
     });
   }
 
-  ngOnDestroy(): void {
-    super.ngOnDestroy();
-  }
-
   back() {
     this.location.back();
   }
diff --git a/apps/desktop/src/auth/login/login.component.html b/apps/desktop/src/auth/login/login.component.html
index 06ee5db32d..eef0580d4e 100644
--- a/apps/desktop/src/auth/login/login.component.html
+++ b/apps/desktop/src/auth/login/login.component.html
@@ -99,7 +99,7 @@
                 class="btn block"
                 type="button"
                 routerLink="/accessibility-cookie"
-                (click)="setFormValues()"
+                (click)="setLoginEmailValues()"
               >
                 <i class="bwi bwi-universal-access" aria-hidden="true"></i>
                 {{ "loadAccessibilityCookie" | i18n }}
@@ -139,7 +139,7 @@
             type="button"
             class="text text-primary password-hint-btn"
             routerLink="/hint"
-            (click)="setFormValues()"
+            (click)="setLoginEmailValues()"
           >
             {{ "getMasterPasswordHint" | i18n }}
           </button>
diff --git a/apps/desktop/src/auth/login/login.component.ts b/apps/desktop/src/auth/login/login.component.ts
index d2e53ad0f2..eb7b924362 100644
--- a/apps/desktop/src/auth/login/login.component.ts
+++ b/apps/desktop/src/auth/login/login.component.ts
@@ -7,9 +7,11 @@ import { EnvironmentSelectorComponent } from "@bitwarden/angular/auth/components
 import { LoginComponent as BaseLoginComponent } from "@bitwarden/angular/auth/components/login.component";
 import { FormValidationErrorsService } from "@bitwarden/angular/platform/abstractions/form-validation-errors.service";
 import { ModalService } from "@bitwarden/angular/services/modal.service";
-import { LoginStrategyServiceAbstraction } from "@bitwarden/auth/common";
+import {
+  LoginStrategyServiceAbstraction,
+  LoginEmailServiceAbstraction,
+} from "@bitwarden/auth/common";
 import { DevicesApiServiceAbstraction } from "@bitwarden/common/auth/abstractions/devices-api.service.abstraction";
-import { LoginService } from "@bitwarden/common/auth/abstractions/login.service";
 import { SsoLoginServiceAbstraction } from "@bitwarden/common/auth/abstractions/sso-login.service.abstraction";
 import { WebAuthnLoginServiceAbstraction } from "@bitwarden/common/auth/abstractions/webauthn/webauthn-login.service.abstraction";
 import { AppIdService } from "@bitwarden/common/platform/abstractions/app-id.service";
@@ -49,10 +51,6 @@ export class LoginComponent extends BaseLoginComponent implements OnDestroy {
     return this.formGroup.value.email;
   }
 
-  get selfHostedDomain() {
-    return this.environmentService.hasBaseUrl() ? this.environmentService.getWebVaultUrl() : null;
-  }
-
   constructor(
     devicesApiService: DevicesApiServiceAbstraction,
     appIdService: AppIdService,
@@ -73,7 +71,7 @@ export class LoginComponent extends BaseLoginComponent implements OnDestroy {
     formBuilder: FormBuilder,
     formValidationErrorService: FormValidationErrorsService,
     route: ActivatedRoute,
-    loginService: LoginService,
+    loginEmailService: LoginEmailServiceAbstraction,
     ssoLoginService: SsoLoginServiceAbstraction,
     webAuthnLoginService: WebAuthnLoginServiceAbstraction,
   ) {
@@ -93,7 +91,7 @@ export class LoginComponent extends BaseLoginComponent implements OnDestroy {
       formBuilder,
       formValidationErrorService,
       route,
-      loginService,
+      loginEmailService,
       ssoLoginService,
       webAuthnLoginService,
     );
@@ -152,9 +150,6 @@ export class LoginComponent extends BaseLoginComponent implements OnDestroy {
     // eslint-disable-next-line rxjs/no-async-subscribe
     childComponent.onSaved.pipe(takeUntil(this.componentDestroyed$)).subscribe(async () => {
       modal.close();
-      // FIXME: Verify that this floating promise is intentional. If it is, add an explanatory comment and ensure there is proper error handling.
-      // eslint-disable-next-line @typescript-eslint/no-floating-promises
-      this.environmentSelector.updateEnvironmentInfo();
       await this.getLoginWithDevice(this.loggedEmail);
     });
   }
diff --git a/apps/desktop/src/auth/set-password.component.ts b/apps/desktop/src/auth/set-password.component.ts
index 9505cf6aa1..a75668a856 100644
--- a/apps/desktop/src/auth/set-password.component.ts
+++ b/apps/desktop/src/auth/set-password.component.ts
@@ -2,6 +2,7 @@ import { Component, NgZone, OnDestroy } from "@angular/core";
 import { ActivatedRoute, Router } from "@angular/router";
 
 import { SetPasswordComponent as BaseSetPasswordComponent } from "@bitwarden/angular/auth/components/set-password.component";
+import { InternalUserDecryptionOptionsServiceAbstraction } from "@bitwarden/auth/common";
 import { ApiService } from "@bitwarden/common/abstractions/api.service";
 import { OrganizationApiServiceAbstraction } from "@bitwarden/common/admin-console/abstractions/organization/organization-api.service.abstraction";
 import { OrganizationUserService } from "@bitwarden/common/admin-console/abstractions/organization-user/organization-user.service";
@@ -44,6 +45,7 @@ export class SetPasswordComponent extends BaseSetPasswordComponent implements On
     stateService: StateService,
     organizationApiService: OrganizationApiServiceAbstraction,
     organizationUserService: OrganizationUserService,
+    userDecryptionOptionsService: InternalUserDecryptionOptionsServiceAbstraction,
     ssoLoginService: SsoLoginServiceAbstraction,
     dialogService: DialogService,
   ) {
@@ -62,6 +64,7 @@ export class SetPasswordComponent extends BaseSetPasswordComponent implements On
       stateService,
       organizationApiService,
       organizationUserService,
+      userDecryptionOptionsService,
       ssoLoginService,
       dialogService,
     );
diff --git a/apps/desktop/src/auth/sso.component.ts b/apps/desktop/src/auth/sso.component.ts
index 123961482a..210319b9ed 100644
--- a/apps/desktop/src/auth/sso.component.ts
+++ b/apps/desktop/src/auth/sso.component.ts
@@ -2,10 +2,13 @@ import { Component } from "@angular/core";
 import { ActivatedRoute, Router } from "@angular/router";
 
 import { SsoComponent as BaseSsoComponent } from "@bitwarden/angular/auth/components/sso.component";
-import { LoginStrategyServiceAbstraction } from "@bitwarden/auth/common";
+import {
+  LoginStrategyServiceAbstraction,
+  UserDecryptionOptionsServiceAbstraction,
+} from "@bitwarden/auth/common";
 import { ApiService } from "@bitwarden/common/abstractions/api.service";
 import { SsoLoginServiceAbstraction } from "@bitwarden/common/auth/abstractions/sso-login.service.abstraction";
-import { ConfigServiceAbstraction } from "@bitwarden/common/platform/abstractions/config/config.service.abstraction";
+import { ConfigService } from "@bitwarden/common/platform/abstractions/config/config.service";
 import { CryptoFunctionService } from "@bitwarden/common/platform/abstractions/crypto-function.service";
 import { EnvironmentService } from "@bitwarden/common/platform/abstractions/environment.service";
 import { I18nService } from "@bitwarden/common/platform/abstractions/i18n.service";
@@ -34,7 +37,8 @@ export class SsoComponent extends BaseSsoComponent {
     environmentService: EnvironmentService,
     passwordGenerationService: PasswordGenerationServiceAbstraction,
     logService: LogService,
-    configService: ConfigServiceAbstraction,
+    userDecryptionOptionsService: UserDecryptionOptionsServiceAbstraction,
+    configService: ConfigService,
   ) {
     super(
       ssoLoginService,
@@ -49,6 +53,7 @@ export class SsoComponent extends BaseSsoComponent {
       environmentService,
       passwordGenerationService,
       logService,
+      userDecryptionOptionsService,
       configService,
     );
     super.onSuccessfulLogin = async () => {
diff --git a/apps/desktop/src/auth/two-factor.component.ts b/apps/desktop/src/auth/two-factor.component.ts
index 7c624f4adb..fdbc52b4bf 100644
--- a/apps/desktop/src/auth/two-factor.component.ts
+++ b/apps/desktop/src/auth/two-factor.component.ts
@@ -1,18 +1,22 @@
 import { Component, Inject, NgZone, ViewChild, ViewContainerRef } from "@angular/core";
 import { ActivatedRoute, Router } from "@angular/router";
+import { firstValueFrom } from "rxjs";
 
 import { TwoFactorComponent as BaseTwoFactorComponent } from "@bitwarden/angular/auth/components/two-factor.component";
 import { WINDOW } from "@bitwarden/angular/services/injection-tokens";
 import { ModalService } from "@bitwarden/angular/services/modal.service";
-import { LoginStrategyServiceAbstraction } from "@bitwarden/auth/common";
+import {
+  LoginStrategyServiceAbstraction,
+  LoginEmailServiceAbstraction,
+  UserDecryptionOptionsServiceAbstraction,
+} from "@bitwarden/auth/common";
 import { ApiService } from "@bitwarden/common/abstractions/api.service";
-import { LoginService } from "@bitwarden/common/auth/abstractions/login.service";
 import { SsoLoginServiceAbstraction } from "@bitwarden/common/auth/abstractions/sso-login.service.abstraction";
 import { TwoFactorService } from "@bitwarden/common/auth/abstractions/two-factor.service";
 import { TwoFactorProviderType } from "@bitwarden/common/auth/enums/two-factor-provider-type";
 import { AppIdService } from "@bitwarden/common/platform/abstractions/app-id.service";
 import { BroadcasterService } from "@bitwarden/common/platform/abstractions/broadcaster.service";
-import { ConfigServiceAbstraction } from "@bitwarden/common/platform/abstractions/config/config.service.abstraction";
+import { ConfigService } from "@bitwarden/common/platform/abstractions/config/config.service";
 import { EnvironmentService } from "@bitwarden/common/platform/abstractions/environment.service";
 import { I18nService } from "@bitwarden/common/platform/abstractions/i18n.service";
 import { LogService } from "@bitwarden/common/platform/abstractions/log.service";
@@ -52,9 +56,10 @@ export class TwoFactorComponent extends BaseTwoFactorComponent {
     logService: LogService,
     twoFactorService: TwoFactorService,
     appIdService: AppIdService,
-    loginService: LoginService,
+    loginEmailService: LoginEmailServiceAbstraction,
+    userDecryptionOptionsService: UserDecryptionOptionsServiceAbstraction,
     ssoLoginService: SsoLoginServiceAbstraction,
-    configService: ConfigServiceAbstraction,
+    configService: ConfigService,
     @Inject(WINDOW) protected win: Window,
   ) {
     super(
@@ -70,7 +75,8 @@ export class TwoFactorComponent extends BaseTwoFactorComponent {
       logService,
       twoFactorService,
       appIdService,
-      loginService,
+      loginEmailService,
+      userDecryptionOptionsService,
       ssoLoginService,
       configService,
     );
@@ -136,7 +142,7 @@ export class TwoFactorComponent extends BaseTwoFactorComponent {
     }
   }
 
-  override launchDuoFrameless() {
+  override async launchDuoFrameless() {
     const duoHandOffMessage = {
       title: this.i18nService.t("youSuccessfullyLoggedIn"),
       message: this.i18nService.t("youMayCloseThisWindow"),
@@ -145,8 +151,9 @@ export class TwoFactorComponent extends BaseTwoFactorComponent {
 
     // we're using the connector here as a way to set a cookie with translations
     // before continuing to the duo frameless url
+    const env = await firstValueFrom(this.environmentService.environment$);
     const launchUrl =
-      this.environmentService.getWebVaultUrl() +
+      env.getWebVaultUrl() +
       "/duo-redirect-connector.html" +
       "?duoFramelessUrl=" +
       encodeURIComponent(this.duoFramelessUrl) +
diff --git a/apps/desktop/src/autofill/services/desktop-autofill-settings.service.ts b/apps/desktop/src/autofill/services/desktop-autofill-settings.service.ts
new file mode 100644
index 0000000000..d60a08a9fe
--- /dev/null
+++ b/apps/desktop/src/autofill/services/desktop-autofill-settings.service.ts
@@ -0,0 +1,29 @@
+import { map } from "rxjs";
+
+import {
+  AUTOFILL_SETTINGS_DISK,
+  KeyDefinition,
+  StateProvider,
+} from "@bitwarden/common/platform/state";
+
+const ENABLE_DUCK_DUCK_GO_BROWSER_INTEGRATION = new KeyDefinition(
+  AUTOFILL_SETTINGS_DISK,
+  "enableDuckDuckGoBrowserIntegration",
+  {
+    deserializer: (v: boolean) => v,
+  },
+);
+
+export class DesktopAutofillSettingsService {
+  private enableDuckDuckGoBrowserIntegrationState = this.stateProvider.getGlobal(
+    ENABLE_DUCK_DUCK_GO_BROWSER_INTEGRATION,
+  );
+  readonly enableDuckDuckGoBrowserIntegration$ =
+    this.enableDuckDuckGoBrowserIntegrationState.state$.pipe(map((x) => x ?? false));
+
+  constructor(private stateProvider: StateProvider) {}
+
+  async setEnableDuckDuckGoBrowserIntegration(newValue: boolean): Promise<void> {
+    await this.enableDuckDuckGoBrowserIntegrationState.update(() => newValue);
+  }
+}
diff --git a/apps/desktop/src/locales/af/messages.json b/apps/desktop/src/locales/af/messages.json
index 6d6542bc69..b1deba9dd9 100644
--- a/apps/desktop/src/locales/af/messages.json
+++ b/apps/desktop/src/locales/af/messages.json
@@ -1644,6 +1644,12 @@
   "enableBrowserIntegrationFingerprintDesc": {
     "message": "Aktiveer ’n bykomende sekuriteitsvlak deur ’n vingerafdrukfrase te vereis wanneer u rekenaar en blaaier gekoppel word. Wanneer geaktiveer moet u elke verbinding bevestig."
   },
+  "enableHardwareAcceleration": {
+    "message": "Use hardware acceleration"
+  },
+  "enableHardwareAccelerationDesc": {
+    "message": "By default this setting is ON. Turn OFF only if you experience graphical issues. Restart is required."
+  },
   "approve": {
     "message": "Keur goed"
   },
@@ -2340,12 +2346,6 @@
   "loggingInOn": {
     "message": "Logging in on"
   },
-  "usDomain": {
-    "message": "bitwarden.com"
-  },
-  "euDomain": {
-    "message": "bitwarden.eu"
-  },
   "selfHostedServer": {
     "message": "self-hosted"
   },
@@ -2687,5 +2687,14 @@
   "commonImportFormats": {
     "message": "Common formats",
     "description": "Label indicating the most common import formats"
+  },
+  "troubleshooting": {
+    "message": "Troubleshooting"
+  },
+  "disableHardwareAccelerationRestart": {
+    "message": "Disable hardware acceleration and restart"
+  },
+  "enableHardwareAccelerationRestart": {
+    "message": "Enable hardware acceleration and restart"
   }
 }
diff --git a/apps/desktop/src/locales/ar/messages.json b/apps/desktop/src/locales/ar/messages.json
index e65cf5fe12..b95501bbfd 100644
--- a/apps/desktop/src/locales/ar/messages.json
+++ b/apps/desktop/src/locales/ar/messages.json
@@ -1644,6 +1644,12 @@
   "enableBrowserIntegrationFingerprintDesc": {
     "message": "أضف طبقة أمان إضافية عن طريق طلب تأكيد عبارة بصمة الإصبع عند إنشاء رابط بين سطح المكتب الخاص بك والمتصفح. هذا يتطلب إجراء المستخدم والتحقق في كل مرة يتم فيها إنشاء اتصال."
   },
+  "enableHardwareAcceleration": {
+    "message": "Use hardware acceleration"
+  },
+  "enableHardwareAccelerationDesc": {
+    "message": "By default this setting is ON. Turn OFF only if you experience graphical issues. Restart is required."
+  },
   "approve": {
     "message": "الموافقة"
   },
@@ -2340,12 +2346,6 @@
   "loggingInOn": {
     "message": "جارٍ تسجيل الدخول"
   },
-  "usDomain": {
-    "message": "bitwarden.com"
-  },
-  "euDomain": {
-    "message": "bitwarden.eu"
-  },
   "selfHostedServer": {
     "message": "استضافة ذاتية"
   },
@@ -2687,5 +2687,14 @@
   "commonImportFormats": {
     "message": "تنسيقات مشتركة",
     "description": "Label indicating the most common import formats"
+  },
+  "troubleshooting": {
+    "message": "Troubleshooting"
+  },
+  "disableHardwareAccelerationRestart": {
+    "message": "Disable hardware acceleration and restart"
+  },
+  "enableHardwareAccelerationRestart": {
+    "message": "Enable hardware acceleration and restart"
   }
 }
diff --git a/apps/desktop/src/locales/az/messages.json b/apps/desktop/src/locales/az/messages.json
index 65356202fe..a18d752620 100644
--- a/apps/desktop/src/locales/az/messages.json
+++ b/apps/desktop/src/locales/az/messages.json
@@ -1644,6 +1644,12 @@
   "enableBrowserIntegrationFingerprintDesc": {
     "message": "Masaüstü tətbiqi ilə brauzer arasında bağlantı qurarkən barmaq izi ifadəsinin təsdiqlənməsini tələb edərək əlavə bir güvənlik qatını fəallaşdıra bilərsiniz. Bu, hər bağlantı qurulanda istifadəçi müdaxiləsi və doğrulama tələb edir."
   },
+  "enableHardwareAcceleration": {
+    "message": "Avadanlıq sürətləndirməsini istifadə et"
+  },
+  "enableHardwareAccelerationDesc": {
+    "message": "İlkin olaraq bu ayar AÇIQDIR. Yalnız qrafik problemlərlə üzləşsəniz SÖNDÜRÜN. Yenidən başlatma tələb olunur."
+  },
   "approve": {
     "message": "Təsdiqlə"
   },
@@ -2340,12 +2346,6 @@
   "loggingInOn": {
     "message": "Giriş edilir"
   },
-  "usDomain": {
-    "message": "bitwarden.com"
-  },
-  "euDomain": {
-    "message": "bitwarden.eu"
-  },
   "selfHostedServer": {
     "message": "öz-özünə sahiblik edən"
   },
@@ -2687,5 +2687,14 @@
   "commonImportFormats": {
     "message": "Ortaq formatlar",
     "description": "Label indicating the most common import formats"
+  },
+  "troubleshooting": {
+    "message": "Troubleshooting"
+  },
+  "disableHardwareAccelerationRestart": {
+    "message": "Disable hardware acceleration and restart"
+  },
+  "enableHardwareAccelerationRestart": {
+    "message": "Enable hardware acceleration and restart"
   }
 }
diff --git a/apps/desktop/src/locales/be/messages.json b/apps/desktop/src/locales/be/messages.json
index df6128ea9f..0529c407a4 100644
--- a/apps/desktop/src/locales/be/messages.json
+++ b/apps/desktop/src/locales/be/messages.json
@@ -1644,6 +1644,12 @@
   "enableBrowserIntegrationFingerprintDesc": {
     "message": "Дадайце дадатковы слой бяспекі, патрабуючы пацвярджэнне адбітка фразы пры ўсталяванні сувязі паміж камп'ютарам і браўзерам. Гэта запатрабуе дзеянняў карыстальніка і праверкі пры кожным стварэнні злучэння."
   },
+  "enableHardwareAcceleration": {
+    "message": "Use hardware acceleration"
+  },
+  "enableHardwareAccelerationDesc": {
+    "message": "By default this setting is ON. Turn OFF only if you experience graphical issues. Restart is required."
+  },
   "approve": {
     "message": "Зацвердзіць"
   },
@@ -2340,12 +2346,6 @@
   "loggingInOn": {
     "message": "Увайсці на"
   },
-  "usDomain": {
-    "message": "bitwarden.com"
-  },
-  "euDomain": {
-    "message": "bitwarden.eu"
-  },
   "selfHostedServer": {
     "message": "self-hosted"
   },
@@ -2687,5 +2687,14 @@
   "commonImportFormats": {
     "message": "Common formats",
     "description": "Label indicating the most common import formats"
+  },
+  "troubleshooting": {
+    "message": "Troubleshooting"
+  },
+  "disableHardwareAccelerationRestart": {
+    "message": "Disable hardware acceleration and restart"
+  },
+  "enableHardwareAccelerationRestart": {
+    "message": "Enable hardware acceleration and restart"
   }
 }
diff --git a/apps/desktop/src/locales/bg/messages.json b/apps/desktop/src/locales/bg/messages.json
index 35c680345c..3217f167ed 100644
--- a/apps/desktop/src/locales/bg/messages.json
+++ b/apps/desktop/src/locales/bg/messages.json
@@ -1644,6 +1644,12 @@
   "enableBrowserIntegrationFingerprintDesc": {
     "message": "Допълнително ниво на сигурност, чрез изискване на потвърждаване на биометричните данни при създаване на връзка между самостоятелното приложение и браузъра. При включваното му потребителят трябва да потвърждава всяко установяване на връзка."
   },
+  "enableHardwareAcceleration": {
+    "message": "Използване на хардуерно ускорение"
+  },
+  "enableHardwareAccelerationDesc": {
+    "message": "Тази настройка по подразбиране е включена. Изключете я, само ако изпитвате графични проблеми. Нужно е рестартиране."
+  },
   "approve": {
     "message": "Одобряване"
   },
@@ -2340,12 +2346,6 @@
   "loggingInOn": {
     "message": "Вписване в"
   },
-  "usDomain": {
-    "message": "bitwarden.com"
-  },
-  "euDomain": {
-    "message": "bitwarden.eu"
-  },
   "selfHostedServer": {
     "message": "собствен хостинг"
   },
@@ -2687,5 +2687,14 @@
   "commonImportFormats": {
     "message": "Често използвани формати",
     "description": "Label indicating the most common import formats"
+  },
+  "troubleshooting": {
+    "message": "Отстраняване на проблеми"
+  },
+  "disableHardwareAccelerationRestart": {
+    "message": "Изключете хардуерното ускорение и рестартирайте"
+  },
+  "enableHardwareAccelerationRestart": {
+    "message": "Включете хардуерното ускорение и рестартирайте"
   }
 }
diff --git a/apps/desktop/src/locales/bn/messages.json b/apps/desktop/src/locales/bn/messages.json
index 5908053167..9599fc6827 100644
--- a/apps/desktop/src/locales/bn/messages.json
+++ b/apps/desktop/src/locales/bn/messages.json
@@ -1644,6 +1644,12 @@
   "enableBrowserIntegrationFingerprintDesc": {
     "message": "Add an additional layer of security by requiring fingerprint phrase confirmation when establishing a link between your desktop and browser. This requires user action and verification each time a connection is created."
   },
+  "enableHardwareAcceleration": {
+    "message": "Use hardware acceleration"
+  },
+  "enableHardwareAccelerationDesc": {
+    "message": "By default this setting is ON. Turn OFF only if you experience graphical issues. Restart is required."
+  },
   "approve": {
     "message": "Approve"
   },
@@ -2340,12 +2346,6 @@
   "loggingInOn": {
     "message": "Logging in on"
   },
-  "usDomain": {
-    "message": "bitwarden.com"
-  },
-  "euDomain": {
-    "message": "bitwarden.eu"
-  },
   "selfHostedServer": {
     "message": "self-hosted"
   },
@@ -2687,5 +2687,14 @@
   "commonImportFormats": {
     "message": "Common formats",
     "description": "Label indicating the most common import formats"
+  },
+  "troubleshooting": {
+    "message": "Troubleshooting"
+  },
+  "disableHardwareAccelerationRestart": {
+    "message": "Disable hardware acceleration and restart"
+  },
+  "enableHardwareAccelerationRestart": {
+    "message": "Enable hardware acceleration and restart"
   }
 }
diff --git a/apps/desktop/src/locales/bs/messages.json b/apps/desktop/src/locales/bs/messages.json
index 2f9b0ac0c3..6e6ca99bac 100644
--- a/apps/desktop/src/locales/bs/messages.json
+++ b/apps/desktop/src/locales/bs/messages.json
@@ -1644,6 +1644,12 @@
   "enableBrowserIntegrationFingerprintDesc": {
     "message": "Uključi dodatni sloj sigurnosti tražeći verifikaciju jedinstvenom frazom prilikom povezivanja Desktop-a i preglednika. Kada je ovo uključeno, potrebno je verificirati prilikom svakog novog povezivanja."
   },
+  "enableHardwareAcceleration": {
+    "message": "Use hardware acceleration"
+  },
+  "enableHardwareAccelerationDesc": {
+    "message": "By default this setting is ON. Turn OFF only if you experience graphical issues. Restart is required."
+  },
   "approve": {
     "message": "Odobri"
   },
@@ -2340,12 +2346,6 @@
   "loggingInOn": {
     "message": "Logging in on"
   },
-  "usDomain": {
-    "message": "bitwarden.com"
-  },
-  "euDomain": {
-    "message": "bitwarden.eu"
-  },
   "selfHostedServer": {
     "message": "self-hosted"
   },
@@ -2687,5 +2687,14 @@
   "commonImportFormats": {
     "message": "Common formats",
     "description": "Label indicating the most common import formats"
+  },
+  "troubleshooting": {
+    "message": "Troubleshooting"
+  },
+  "disableHardwareAccelerationRestart": {
+    "message": "Disable hardware acceleration and restart"
+  },
+  "enableHardwareAccelerationRestart": {
+    "message": "Enable hardware acceleration and restart"
   }
 }
diff --git a/apps/desktop/src/locales/ca/messages.json b/apps/desktop/src/locales/ca/messages.json
index 8ae932bfa6..3cdedd0274 100644
--- a/apps/desktop/src/locales/ca/messages.json
+++ b/apps/desktop/src/locales/ca/messages.json
@@ -1644,6 +1644,12 @@
   "enableBrowserIntegrationFingerprintDesc": {
     "message": "Habilita una capa de seguretat addicional mitjançant la validació de frases d'empremtes dactilars quan estableix un enllaç entre l'escriptori i el navegador. Quan està habilitat, requereix la intervenció i verificació de l'usuari cada vegada que s'estableix una connexió."
   },
+  "enableHardwareAcceleration": {
+    "message": "Utilitza l'acceleració de maquinari"
+  },
+  "enableHardwareAccelerationDesc": {
+    "message": "Per defecte, aquesta configuració està activada. Apagueu només si teniu problemes gràfics. Cal reiniciar."
+  },
   "approve": {
     "message": "Aprova"
   },
@@ -2340,12 +2346,6 @@
   "loggingInOn": {
     "message": "Inici de sessió en"
   },
-  "usDomain": {
-    "message": "bitwarden.com"
-  },
-  "euDomain": {
-    "message": "bitwarden.eu"
-  },
   "selfHostedServer": {
     "message": "autoallotjat"
   },
@@ -2687,5 +2687,14 @@
   "commonImportFormats": {
     "message": "Formats comuns",
     "description": "Label indicating the most common import formats"
+  },
+  "troubleshooting": {
+    "message": "Resolució de problemes"
+  },
+  "disableHardwareAccelerationRestart": {
+    "message": "Desactiveu l'acceleració de maquinari i reinicieu"
+  },
+  "enableHardwareAccelerationRestart": {
+    "message": "Activeu l'acceleració i reinicieu el maquinari"
   }
 }
diff --git a/apps/desktop/src/locales/cs/messages.json b/apps/desktop/src/locales/cs/messages.json
index 660b626749..efa1dccdc1 100644
--- a/apps/desktop/src/locales/cs/messages.json
+++ b/apps/desktop/src/locales/cs/messages.json
@@ -1644,6 +1644,12 @@
   "enableBrowserIntegrationFingerprintDesc": {
     "message": "Přidá další vrstvu zabezpečení vyžadováním ověření frází otisků prstů při vytvoření propojení mezi plochou a prohlížečem. Pokud je povoleno, vyžaduje to zásah uživatele a ověření pokaždé, když je navázáno spojení."
   },
+  "enableHardwareAcceleration": {
+    "message": "Používat hardwarovou akceleraci"
+  },
+  "enableHardwareAccelerationDesc": {
+    "message": "Ve výchozím nastavení je toto nastavení zapnuto. Vypněte jen v případě problémů s grafikou. Je vyžadováno restartování."
+  },
   "approve": {
     "message": "Schválit"
   },
@@ -2340,12 +2346,6 @@
   "loggingInOn": {
     "message": "Přihlašování na"
   },
-  "usDomain": {
-    "message": "bitwarden.com"
-  },
-  "euDomain": {
-    "message": "bitwarden.eu"
-  },
   "selfHostedServer": {
     "message": "vlastní hosting"
   },
@@ -2687,5 +2687,14 @@
   "commonImportFormats": {
     "message": "Společné formáty",
     "description": "Label indicating the most common import formats"
+  },
+  "troubleshooting": {
+    "message": "Řešení problémů"
+  },
+  "disableHardwareAccelerationRestart": {
+    "message": "Zakázat hardwarovou akceleraci a restartovat"
+  },
+  "enableHardwareAccelerationRestart": {
+    "message": "Povolit hardwarovou akceleraci a restartovat"
   }
 }
diff --git a/apps/desktop/src/locales/cy/messages.json b/apps/desktop/src/locales/cy/messages.json
index 1e9bf0ac7e..65ce77b340 100644
--- a/apps/desktop/src/locales/cy/messages.json
+++ b/apps/desktop/src/locales/cy/messages.json
@@ -1644,6 +1644,12 @@
   "enableBrowserIntegrationFingerprintDesc": {
     "message": "Add an additional layer of security by requiring fingerprint phrase confirmation when establishing a link between your desktop and browser. This requires user action and verification each time a connection is created."
   },
+  "enableHardwareAcceleration": {
+    "message": "Use hardware acceleration"
+  },
+  "enableHardwareAccelerationDesc": {
+    "message": "By default this setting is ON. Turn OFF only if you experience graphical issues. Restart is required."
+  },
   "approve": {
     "message": "Approve"
   },
@@ -2340,12 +2346,6 @@
   "loggingInOn": {
     "message": "Logging in on"
   },
-  "usDomain": {
-    "message": "bitwarden.com"
-  },
-  "euDomain": {
-    "message": "bitwarden.eu"
-  },
   "selfHostedServer": {
     "message": "self-hosted"
   },
@@ -2687,5 +2687,14 @@
   "commonImportFormats": {
     "message": "Common formats",
     "description": "Label indicating the most common import formats"
+  },
+  "troubleshooting": {
+    "message": "Troubleshooting"
+  },
+  "disableHardwareAccelerationRestart": {
+    "message": "Disable hardware acceleration and restart"
+  },
+  "enableHardwareAccelerationRestart": {
+    "message": "Enable hardware acceleration and restart"
   }
 }
diff --git a/apps/desktop/src/locales/da/messages.json b/apps/desktop/src/locales/da/messages.json
index c3c42e2904..0da6c705ca 100644
--- a/apps/desktop/src/locales/da/messages.json
+++ b/apps/desktop/src/locales/da/messages.json
@@ -545,7 +545,7 @@
     "message": "Angivelse af hovedadgangskode igen er obligatorisk."
   },
   "masterPasswordMinlength": {
-    "message": "Master password must be at least $VALUE$ characters long.",
+    "message": "Hovedadgangskoden skal udgøre minimum $VALUE$ tegn.",
     "description": "The Master Password must be at least a specific number of characters long.",
     "placeholders": {
       "value": {
@@ -780,7 +780,7 @@
     "message": "Kontakt os"
   },
   "helpAndFeedback": {
-    "message": "Help and feedback"
+    "message": "Hjælp og feedback"
   },
   "getHelp": {
     "message": "Få hjælp"
@@ -1420,10 +1420,10 @@
     "message": "oplås din boks"
   },
   "autoPromptWindowsHello": {
-    "message": "Bed om Windows Hello ved start"
+    "message": "Anmod om Windows Hello ved app-start"
   },
   "autoPromptTouchId": {
-    "message": "Bed om Touch ID ved start"
+    "message": "Anmod om Touch ID ved app-start"
   },
   "requirePasswordOnStart": {
     "message": "Kræv adgangskode eller PIN-kode ved app-start"
@@ -1644,6 +1644,12 @@
   "enableBrowserIntegrationFingerprintDesc": {
     "message": "Tilføj et ekstra sikkerhedslag ved at kræve bekræftelse af fingeraftrykssætning, når der oprettes forbindelse mellem din computer og din browser. Dette kræver brugerhandling og bekræftelse, hver gang der forbindelse oprettes."
   },
+  "enableHardwareAcceleration": {
+    "message": "Benyt hardwareacceleration"
+  },
+  "enableHardwareAccelerationDesc": {
+    "message": "Denne indstilling er som standard TIL. Slå kun FRA, hvis der opleves grafiske problemer. Genstart kræves."
+  },
   "approve": {
     "message": "Godkend"
   },
@@ -1925,7 +1931,7 @@
     "message": "Minutter"
   },
   "vaultTimeoutPolicyInEffect": {
-    "message": "Organisationspolitikker påvirker din boks-timeout. Maksimalt tilladt boks-timeout er $HOURS$ time(r) og $MINUTES$ minut(ter)",
+    "message": "Organisationspolitikkerne har fastsat den maksimalt tilladte boks-timeout til $HOURS$ time(r) og $MINUTES$ minut(ter).",
     "placeholders": {
       "hours": {
         "content": "$1",
@@ -2340,12 +2346,6 @@
   "loggingInOn": {
     "message": "Logger ind på"
   },
-  "usDomain": {
-    "message": "bitwarden.com"
-  },
-  "euDomain": {
-    "message": "bitwarden.eu"
-  },
   "selfHostedServer": {
     "message": "selv-hostet"
   },
@@ -2687,5 +2687,14 @@
   "commonImportFormats": {
     "message": "Almindelige formater",
     "description": "Label indicating the most common import formats"
+  },
+  "troubleshooting": {
+    "message": "Fejlfinding"
+  },
+  "disableHardwareAccelerationRestart": {
+    "message": "Deaktivér hardwareacceleration og genstart"
+  },
+  "enableHardwareAccelerationRestart": {
+    "message": "Aktivér hardwareacceleration og genstart"
   }
 }
diff --git a/apps/desktop/src/locales/de/messages.json b/apps/desktop/src/locales/de/messages.json
index 27e6b048cc..bacf158023 100644
--- a/apps/desktop/src/locales/de/messages.json
+++ b/apps/desktop/src/locales/de/messages.json
@@ -1644,6 +1644,12 @@
   "enableBrowserIntegrationFingerprintDesc": {
     "message": "Eine zusätzliche Sicherheitsebene hinzufügen, indem eine Fingerabdruck-Phrasen-Validierung verlangt wird, wenn eine Verbindung zwischen deiner Desktop-Anwendung und dem Browser aufgebaut wird. Nach Aktivierung ist bei jedem Verbindungsaufbau ein Benutzer-Eingriff und Verifizierung erforderlich."
   },
+  "enableHardwareAcceleration": {
+    "message": "Hardwarebeschleunigung verwenden"
+  },
+  "enableHardwareAccelerationDesc": {
+    "message": "Standardmäßig ist diese Einstellung eingeschaltet. Schalte sie nur aus, wenn grafische Probleme auftreten. Neustart ist erforderlich."
+  },
   "approve": {
     "message": "Genehmigen"
   },
@@ -2340,12 +2346,6 @@
   "loggingInOn": {
     "message": "Anmelden bei"
   },
-  "usDomain": {
-    "message": "bitwarden.com"
-  },
-  "euDomain": {
-    "message": "bitwarden.eu"
-  },
   "selfHostedServer": {
     "message": "selbst gehostet"
   },
@@ -2687,5 +2687,14 @@
   "commonImportFormats": {
     "message": "Gängigste Formate",
     "description": "Label indicating the most common import formats"
+  },
+  "troubleshooting": {
+    "message": "Problembehandlung"
+  },
+  "disableHardwareAccelerationRestart": {
+    "message": "Hardwarebeschleunigung deaktivieren und neu starten"
+  },
+  "enableHardwareAccelerationRestart": {
+    "message": "Hardwarebeschleunigung aktivieren und neu starten"
   }
 }
diff --git a/apps/desktop/src/locales/el/messages.json b/apps/desktop/src/locales/el/messages.json
index a7e3dcc53c..f5e18bdb85 100644
--- a/apps/desktop/src/locales/el/messages.json
+++ b/apps/desktop/src/locales/el/messages.json
@@ -404,7 +404,7 @@
     "message": "Μήκος"
   },
   "passwordMinLength": {
-    "message": "Minimum password length"
+    "message": "Ελάχιστο μήκος κωδικού"
   },
   "uppercase": {
     "message": "Κεφαλαία (A-Z)"
@@ -479,7 +479,7 @@
     "message": "Το μέγιστο μέγεθος αρχείου είναι 500 MB."
   },
   "encryptionKeyMigrationRequired": {
-    "message": "Encryption key migration required. Please login through the web vault to update your encryption key."
+    "message": "Απαιτείται μεταφορά κλειδιού κρυπτογράφησης. Παρακαλούμε συνδεθείτε μέσω του διαδικτυακής κρύπτης για να ενημερώσετε το κλειδί κρυπτογράφησης."
   },
   "editedFolder": {
     "message": "Ο φάκελος αποθηκεύτηκε"
@@ -561,10 +561,10 @@
     "message": "Ο λογαριασμός σας έχει δημιουργηθεί! Τώρα μπορείτε να συνδεθείτε."
   },
   "youSuccessfullyLoggedIn": {
-    "message": "You successfully logged in"
+    "message": "Έχετε συνδεθεί επιτυχώς"
   },
   "youMayCloseThisWindow": {
-    "message": "You may close this window"
+    "message": "Μπορείτε να κλείσετε αυτό το παράθυρο"
   },
   "masterPassSent": {
     "message": "Σας στείλαμε ένα email με την υπόδειξη του κύριου κωδικού."
@@ -1087,7 +1087,7 @@
     "message": "1 GB κρυπτογραφημένο αποθηκευτικό χώρο για συνημμένα αρχεία."
   },
   "premiumSignUpTwoStepOptions": {
-    "message": "Proprietary two-step login options such as YubiKey and Duo."
+    "message": "Ιδιόκτητες επιλογές σύνδεσης δύο βημάτων, όπως το YubiKey και το Duo."
   },
   "premiumSignUpReports": {
     "message": "Ασφάλεια κωδικών, υγιής λογαριασμός και αναφορές παραβίασης δεδομένων για να διατηρήσετε ασφαλή τη λίστα σας."
@@ -1399,7 +1399,7 @@
     "message": "Μη έγκυρος κωδικός PIN."
   },
   "tooManyInvalidPinEntryAttemptsLoggingOut": {
-    "message": "Too many invalid PIN entry attempts. Logging out."
+    "message": "Πάρα πολλές άκυρες απόπειρες εισαγωγής PIN. Γίνεται αποσύνδεση."
   },
   "unlockWithWindowsHello": {
     "message": "Ξεκλειδώστε με το Windows Hello"
@@ -1414,7 +1414,7 @@
     "message": "Ξεκλείδωμα με Touch ID"
   },
   "additionalTouchIdSettings": {
-    "message": "Additional Touch ID settings"
+    "message": "Πρόσθετες ρυθμίσεις Touch ID"
   },
   "touchIdConsentMessage": {
     "message": "Ξεκλειδώστε το vault σας"
@@ -1505,7 +1505,7 @@
     "message": "Ένα αποσυνδεδεμένο vault απαιτεί να κάνετε ξανά έλεγχο ταυτότητας για να αποκτήσετε πρόσβαση σε αυτό."
   },
   "unlockMethodNeededToChangeTimeoutActionDesc": {
-    "message": "Set up an unlock method to change your vault timeout action."
+    "message": "Ρυθμίστε μια μέθοδο ξεκλειδώματος για να αλλάξετε την ενέργεια χρονικού ορίου κρύπτης."
   },
   "lock": {
     "message": "Κλείδωμα",
@@ -1546,15 +1546,15 @@
     "message": "Ορισμός Κύριου Κωδικού"
   },
   "orgPermissionsUpdatedMustSetPassword": {
-    "message": "Your organization permissions were updated, requiring you to set a master password.",
+    "message": "Τα δικαιώματα του οργανισμού σας ενημερώθηκαν, απαιτώντας από εσάς να ορίσετε έναν κύριο κωδικό πρόσβασης.",
     "description": "Used as a card title description on the set password page to explain why the user is there"
   },
   "orgRequiresYouToSetPassword": {
-    "message": "Your organization requires you to set a master password.",
+    "message": "Ο οργανισμός σας απαιτεί να ορίσετε έναν κύριο κωδικό πρόσβασης.",
     "description": "Used as a card title description on the set password page to explain why the user is there"
   },
   "verificationRequired": {
-    "message": "Verification required",
+    "message": "Απαιτείται επαλήθευση",
     "description": "Default title for the user verification dialog."
   },
   "currentMasterPass": {
@@ -1644,6 +1644,12 @@
   "enableBrowserIntegrationFingerprintDesc": {
     "message": "Ενεργοποιήστε ένα πρόσθετο επίπεδο ασφάλειας απαιτώντας επικύρωση φράσης δακτυλικών αποτυπωμάτων κατά τη δημιουργία μιας σύνδεσης μεταξύ της επιφάνειας εργασίας σας και του προγράμματος περιήγησης. Όταν ενεργοποιηθεί, αυτό απαιτεί παρέμβαση χρήστη και επαλήθευση κάθε φορά που δημιουργείται σύνδεση."
   },
+  "enableHardwareAcceleration": {
+    "message": "Χρήση επιτάχυνσης υλικού"
+  },
+  "enableHardwareAccelerationDesc": {
+    "message": "Εξ ορισμού αυτή η ρύθμιση είναι ΕΝΕΡΓΗ. Απενεργοποιήστε μόνο αν αντιμετωπίζετε γραφικά προβλήματα. Απαιτείται επανεκκίνηση."
+  },
   "approve": {
     "message": "Έγκριση"
   },
@@ -1684,7 +1690,7 @@
     "message": "Μια πολιτική του οργανισμού, επηρεάζει τις επιλογές ιδιοκτησίας σας."
   },
   "personalOwnershipPolicyInEffectImports": {
-    "message": "An organization policy has blocked importing items into your individual vault."
+    "message": "Μια πολιτική οργανισμού έχει αποτρέψει την εισαγωγή στοιχείων στην προσωπική κρύπτη σας."
   },
   "allSends": {
     "message": "Όλα τα Sends",
@@ -1880,43 +1886,43 @@
     "message": "Ο Κύριος Κωδικός Πρόσβασής σας άλλαξε πρόσφατα από διαχειριστή στον οργανισμό σας. Για να αποκτήσετε πρόσβαση στο vault, πρέπει να τον ενημερώσετε τώρα. Η διαδικασία θα σας αποσυνδέσει από την τρέχουσα συνεδρία σας, απαιτώντας από εσάς να συνδεθείτε ξανά. Οι ενεργές συνεδρίες σε άλλες συσκευές ενδέχεται να συνεχίσουν να είναι ενεργές για μία ώρα."
   },
   "updateWeakMasterPasswordWarning": {
-    "message": "Your master password does not meet one or more of your organization policies. In order to access the vault, you must update your master password now. Proceeding will log you out of your current session, requiring you to log back in. Active sessions on other devices may continue to remain active for up to one hour."
+    "message": "Ο κύριος κωδικός πρόσβασης δεν πληροί τις απαιτήσεις πολιτικής αυτού του οργανισμού. Για να έχετε πρόσβαση στην κρύπτη, πρέπει να ενημερώσετε τον κύριο κωδικό σας άμεσα. Η διαδικασία θα σάς αποσυνδέσει από την τρέχουσα συνεδρία σας, απαιτώντας να συνδεθείτε ξανά. Οι ενεργές συνεδρίες σε άλλες συσκευές ενδέχεται να συνεχίσουν να είναι ενεργές για το πολύ μία ώρα."
   },
   "tryAgain": {
-    "message": "Try again"
+    "message": "Προσπαθήστε ξανά"
   },
   "verificationRequiredForActionSetPinToContinue": {
-    "message": "Verification required for this action. Set a PIN to continue."
+    "message": "Απαιτείται επαλήθευση για αυτήν την ενέργεια. Ορίστε ένα PIN για να συνεχίσετε."
   },
   "setPin": {
-    "message": "Set PIN"
+    "message": "Ορισμός PIN"
   },
   "verifyWithBiometrics": {
-    "message": "Verify with biometrics"
+    "message": "Επαλήθευση με βιομετρικά"
   },
   "awaitingConfirmation": {
-    "message": "Awaiting confirmation"
+    "message": "Σε αναμονή επιβεβαίωσης"
   },
   "couldNotCompleteBiometrics": {
-    "message": "Could not complete biometrics."
+    "message": "Αδύνατη η ολοκλήρωση των βιομετρικών."
   },
   "needADifferentMethod": {
-    "message": "Need a different method?"
+    "message": "Χρειάζεστε μια διαφορετική μέθοδο;"
   },
   "useMasterPassword": {
-    "message": "Use master password"
+    "message": "Χρήση κύριου κωδικού"
   },
   "usePin": {
-    "message": "Use PIN"
+    "message": "Χρήση PIN"
   },
   "useBiometrics": {
-    "message": "Use biometrics"
+    "message": "Χρήση βιομετρικών"
   },
   "enterVerificationCodeSentToEmail": {
-    "message": "Enter the verification code that was sent to your email."
+    "message": "Εισάγετε τον κωδικό επαλήθευσης που έχει σταλεί στο email σας."
   },
   "resendCode": {
-    "message": "Resend code"
+    "message": "Επαναποστολή κωδικού"
   },
   "hours": {
     "message": "Ώρες"
@@ -1938,7 +1944,7 @@
     }
   },
   "vaultTimeoutPolicyWithActionInEffect": {
-    "message": "Your organization policies are affecting your vault timeout. Maximum allowed vault timeout is $HOURS$ hour(s) and $MINUTES$ minute(s). Your vault timeout action is set to $ACTION$.",
+    "message": "Οι πολιτικές του οργανισμού σας επηρεάζουν το χρονικό όριο λήξης της κρύ[της σας. Το μέγιστο επιτρεπόμενο χρονικό όριο λήξης vault είναι $HOURS$ ώρα(ες) και $MINUTES$ λεπτό(ά). H ενέργεια χρονικού ορίου λήξης της κρύπτης είναι ορισμένη ως $ACTION$.",
     "placeholders": {
       "hours": {
         "content": "$1",
@@ -1955,7 +1961,7 @@
     }
   },
   "vaultTimeoutActionPolicyInEffect": {
-    "message": "Your organization policies have set your vault timeout action to $ACTION$.",
+    "message": "Οι πολιτικές του οργανισμού σας έχουν ορίσει την ενέργεια χρονικού ορίου λήξης κρύπτης σε $ACTION$.",
     "placeholders": {
       "action": {
         "content": "$1",
@@ -2045,7 +2051,7 @@
     "message": "Εξαγωγή Προσωπικού Vault"
   },
   "exportingIndividualVaultDescription": {
-    "message": "Only the individual vault items associated with $EMAIL$ will be exported. Organization vault items will not be included. Only vault item information will be exported and will not include associated attachments.",
+    "message": "Μόνο τα μεμονωμένα αντικείμενα κρύπτης που σχετίζονται με το $EMAIL$ θα εξαχθούν. Τα αντικείμενα κρύπτης οργανισμού δε θα συμπεριληφθούν. Μόνο πληροφορίες αντικειμένων κρύπτης θα εξαχθούν και δε θα περιλαμβάνουν συσχετιζόμενα συνημμένα.",
     "placeholders": {
       "email": {
         "content": "$1",
@@ -2170,7 +2176,7 @@
     "message": "Συνδεθείτε με άλλη συσκευή"
   },
   "loginInitiated": {
-    "message": "Login initiated"
+    "message": "Η σύνδεση ξεκίνησε"
   },
   "notificationSentDevice": {
     "message": "Μια ειδοποίηση έχει σταλεί στη συσκευή σας."
@@ -2304,7 +2310,7 @@
     }
   },
   "windowsBiometricUpdateWarning": {
-    "message": "Bitwarden recommends updating your biometric settings to require your master password (or PIN) on the first unlock. Would you like to update your settings now?"
+    "message": "Το Bitwarden συστήνει την ενημέρωση των βιομετρικών ρυθμίσεών σας ώστε να απαιτηθεί ο κύριος κωδικός πρόσβασης (ή PIN) στο πρώτο ξεκλείδωμα. Θέλετε να ενημερώσετε τις ρυθμίσεις σας τώρα;"
   },
   "windowsBiometricUpdateWarningTitle": {
     "message": "Ενημέρωση Προτεινόμενων Ρυθμίσεων"
@@ -2313,80 +2319,74 @@
     "message": "Απαιτείται έγκριση συσκευής. Επιλέξτε μια επιλογή έγκρισης παρακάτω:"
   },
   "rememberThisDevice": {
-    "message": "Remember this device"
+    "message": "Απομνημόνευση αυτής της συσκευής"
   },
   "uncheckIfPublicDevice": {
-    "message": "Uncheck if using a public device"
+    "message": "Αποεπιλογή αν γίνεται χρήση δημόσιας συσκευής"
   },
   "approveFromYourOtherDevice": {
-    "message": "Approve from your other device"
+    "message": "Έγκριση από άλλη συσκευή σας"
   },
   "requestAdminApproval": {
-    "message": "Request admin approval"
+    "message": "Αίτηση έγκρισης διαχειριστή"
   },
   "approveWithMasterPassword": {
-    "message": "Approve with master password"
+    "message": "Έγκριση με τον κύριο κωδικό"
   },
   "region": {
-    "message": "Region"
+    "message": "Περιοχή"
   },
   "ssoIdentifierRequired": {
-    "message": "Organization SSO identifier is required."
+    "message": "Απαιτείται αναγνωριστικό οργανισμού SSO."
   },
   "eu": {
-    "message": "EU",
+    "message": "ΕΕ",
     "description": "European Union"
   },
   "loggingInOn": {
-    "message": "Logging in on"
-  },
-  "usDomain": {
-    "message": "bitwarden.com"
-  },
-  "euDomain": {
-    "message": "bitwarden.eu"
+    "message": "Σύνδεση σε"
   },
   "selfHostedServer": {
-    "message": "self-hosted"
+    "message": "αυτο-φιλοξενούμενο"
   },
   "accessDenied": {
-    "message": "Access denied. You do not have permission to view this page."
+    "message": "Δεν επιτρέπεται η πρόσβαση. Δεν έχετε άδεια για να δείτε αυτή τη σελίδα."
   },
   "accountSuccessfullyCreated": {
-    "message": "Account successfully created!"
+    "message": "Επιτυχής δημιουργία λογαριασμού!"
   },
   "adminApprovalRequested": {
-    "message": "Admin approval requested"
+    "message": "Ζητήθηκε έγκριση διαχειριστή"
   },
   "adminApprovalRequestSentToAdmins": {
-    "message": "Your request has been sent to your admin."
+    "message": "Το αίτημά σας εστάλη στον διαχειριστή σας."
   },
   "youWillBeNotifiedOnceApproved": {
-    "message": "You will be notified once approved."
+    "message": "Θα ειδοποιηθείτε μόλις εγκριθεί."
   },
   "troubleLoggingIn": {
-    "message": "Trouble logging in?"
+    "message": "Πρόβλημα σύνδεσης;"
   },
   "loginApproved": {
-    "message": "Login approved"
+    "message": "Η σύνδεση εγκρίθηκε"
   },
   "userEmailMissing": {
-    "message": "User email missing"
+    "message": "Το email του χρήστη λείπει"
   },
   "deviceTrusted": {
-    "message": "Device trusted"
+    "message": "Αξιόπιστη συσκευή"
   },
   "inputRequired": {
-    "message": "Input is required."
+    "message": "Απαιτείται είσοδος."
   },
   "required": {
     "message": "απαιτείται"
   },
   "search": {
-    "message": "Search"
+    "message": "Αναζήτηση"
   },
   "inputMinLength": {
-    "message": "Input must be at least $COUNT$ characters long.",
+    "message": "Η είσοδος πρέπει να είναι τουλάχιστον $COUNT$ χαρακτήρες.",
     "placeholders": {
       "count": {
         "content": "$1",
@@ -2395,7 +2395,7 @@
     }
   },
   "inputMaxLength": {
-    "message": "Input must not exceed $COUNT$ characters in length.",
+    "message": "Η είσοδος δεν πρέπει να υπερβαίνει τους $COUNT$ χαρακτήρες.",
     "placeholders": {
       "count": {
         "content": "$1",
@@ -2404,7 +2404,7 @@
     }
   },
   "inputForbiddenCharacters": {
-    "message": "The following characters are not allowed: $CHARACTERS$",
+    "message": "Οι ακόλουθοι χαρακτήρες δεν επιτρέπονται: $CHARACTERS$",
     "placeholders": {
       "characters": {
         "content": "$1",
@@ -2413,7 +2413,7 @@
     }
   },
   "inputMinValue": {
-    "message": "Input value must be at least $MIN$.",
+    "message": "Η τιμή εισόδου πρέπει να είναι τουλάχιστον $MIN$.",
     "placeholders": {
       "min": {
         "content": "$1",
@@ -2422,7 +2422,7 @@
     }
   },
   "inputMaxValue": {
-    "message": "Input value must not exceed $MAX$.",
+    "message": "Η τιμή εισόδου δεν πρέπει να υπερβαίνει το $MAX$.",
     "placeholders": {
       "max": {
         "content": "$1",
@@ -2431,17 +2431,17 @@
     }
   },
   "multipleInputEmails": {
-    "message": "1 or more emails are invalid"
+    "message": "1 ή περισσότερα email δεν είναι έγκυρα"
   },
   "inputTrimValidator": {
-    "message": "Input must not contain only whitespace.",
+    "message": "Η είσοδος δεν πρέπει να περιέχει μόνο κενά.",
     "description": "Notification to inform the user that a form's input can't contain only whitespace."
   },
   "inputEmail": {
-    "message": "Input is not an email address."
+    "message": "Η είσοδος δεν είναι διεύθυνση email."
   },
   "fieldsNeedAttention": {
-    "message": "$COUNT$ field(s) above need your attention.",
+    "message": "$COUNT$ πεδίο(α) παραπάνω χρειάζονται την προσοχή σας.",
     "placeholders": {
       "count": {
         "content": "$1",
@@ -2450,22 +2450,22 @@
     }
   },
   "selectPlaceholder": {
-    "message": "-- Select --"
+    "message": "-- Επιλογή --"
   },
   "multiSelectPlaceholder": {
-    "message": "-- Type to filter --"
+    "message": "-- Πληκτρολογήστε για φιλτράρισμα --"
   },
   "multiSelectLoading": {
-    "message": "Retrieving options..."
+    "message": "Ανάκτηση επιλογών..."
   },
   "multiSelectNotFound": {
-    "message": "No items found"
+    "message": "Δεν βρέθηκαν αντικείμενα"
   },
   "multiSelectClearAll": {
-    "message": "Clear all"
+    "message": "Εκκαθάριση όλων"
   },
   "plusNMore": {
-    "message": "+ $QUANTITY$ more",
+    "message": "+ $QUANTITY$ ακόμα",
     "placeholders": {
       "quantity": {
         "content": "$1",
@@ -2474,44 +2474,44 @@
     }
   },
   "submenu": {
-    "message": "Submenu"
+    "message": "Υπομενού"
   },
   "skipToContent": {
-    "message": "Skip to content"
+    "message": "Μετάβαση στο περιεχόμενο"
   },
   "typePasskey": {
-    "message": "Passkey"
+    "message": "Κλειδί πρόσβασης"
   },
   "passkeyNotCopied": {
-    "message": "Passkey will not be copied"
+    "message": "Το κλειδί πρόσβασης δεν θα αντιγραφεί"
   },
   "passkeyNotCopiedAlert": {
-    "message": "The passkey will not be copied to the cloned item. Do you want to continue cloning this item?"
+    "message": "Το κλειδί πρόσβασης δε θα αντιγραφεί στο κλωνοποιημένο στοιχείο. Θέλετε να συνεχίσετε την κλωνοποίηση αυτού του στοιχείου;"
   },
   "aliasDomain": {
-    "message": "Alias domain"
+    "message": "Ψευδώνυμο τομέα"
   },
   "importData": {
-    "message": "Import data",
+    "message": "Εισαγωγή δεδομένων",
     "description": "Used for the desktop menu item and the header of the import dialog"
   },
   "importError": {
-    "message": "Import error"
+    "message": "Σφάλμα κατά την εισαγωγή"
   },
   "importErrorDesc": {
-    "message": "There was a problem with the data you tried to import. Please resolve the errors listed below in your source file and try again."
+    "message": "Παρουσιάστηκε πρόβλημα με τα δεδομένα που επιχειρήσατε να εισαγάγετε. Παρακαλώ επιλύστε τα σφάλματα που αναφέρονται παρακάτω στο αρχείο πηγής και προσπαθήστε ξανά."
   },
   "resolveTheErrorsBelowAndTryAgain": {
-    "message": "Resolve the errors below and try again."
+    "message": "Επιλύστε τα παρακάτω σφάλματα και προσπαθήστε ξανά."
   },
   "description": {
-    "message": "Description"
+    "message": "Περιγραφή"
   },
   "importSuccess": {
-    "message": "Data successfully imported"
+    "message": "Τα δεδομένα εισήχθησαν επιτυχώς"
   },
   "importSuccessNumberOfItems": {
-    "message": "A total of $AMOUNT$ items were imported.",
+    "message": "Ένα σύνολο $AMOUNT$ στοιχείων εισήχθησαν.",
     "placeholders": {
       "amount": {
         "content": "$1",
@@ -2520,10 +2520,10 @@
     }
   },
   "total": {
-    "message": "Total"
+    "message": "Σύνολο"
   },
   "importWarning": {
-    "message": "You are importing data to $ORGANIZATION$. Your data may be shared with members of this organization. Do you want to proceed?",
+    "message": "Εισαγάγετε δεδομένα στην $ORGANIZATION$. Τα δεδομένα σας μπορεί να μοιραστούν με μέλη αυτού του οργανισμού. Θέλετε να συνεχίσετε;",
     "placeholders": {
       "organization": {
         "content": "$1",
@@ -2532,22 +2532,22 @@
     }
   },
   "launchDuoAndFollowStepsToFinishLoggingIn": {
-    "message": "Launch Duo and follow the steps to finish logging in."
+    "message": "Εκκινήστε το Duo και ακολουθήστε τα βήματα για να ολοκληρώσετε τη σύνδεση."
   },
   "duoRequiredByOrgForAccount": {
-    "message": "Duo two-step login is required for your account."
+    "message": "Η Σύνδεση δύο βημάτων Duo απαιτείται για τον λογαριασμό σας."
   },
   "launchDuo": {
-    "message": "Launch Duo in Browser"
+    "message": "Εκκίνηση Duo στον περιηγητή"
   },
   "importFormatError": {
-    "message": "Data is not formatted correctly. Please check your import file and try again."
+    "message": "Τα δεδομένα δεν έχουν διαμορφωθεί σωστά. Ελέγξτε το αρχείο εισαγωγής και δοκιμάστε ξανά."
   },
   "importNothingError": {
-    "message": "Nothing was imported."
+    "message": "Τίποτα δεν εισήχθη."
   },
   "importEncKeyError": {
-    "message": "Error decrypting the exported file. Your encryption key does not match the encryption key used export the data."
+    "message": "Σφάλμα αποκρυπτογράφησης του εξαγόμενου αρχείου. Το κλειδί κρυπτογράφησης δεν ταιριάζει με το κλειδί κρυπτογράφησης που χρησιμοποιήθηκε για την εξαγωγή των δεδομένων."
   },
   "invalidFilePassword": {
     "message": "Invalid file password, please use the password you entered when you created the export file."
@@ -2633,59 +2633,68 @@
     "message": "Multifactor authentication failed"
   },
   "includeSharedFolders": {
-    "message": "Include shared folders"
+    "message": "Συμπερίληψη κοινόχρηστων φακέλων"
   },
   "lastPassEmail": {
     "message": "LastPass Email"
   },
   "importingYourAccount": {
-    "message": "Importing your account..."
+    "message": "Εισαγωγή του λογαριασμού σας..."
   },
   "lastPassMFARequired": {
-    "message": "LastPass multifactor authentication required"
+    "message": "Απαιτείται πολυμερής ταυτοποίηση LastPass"
   },
   "lastPassMFADesc": {
-    "message": "Enter your one-time passcode from your authentication app"
+    "message": "Εισαγάγετε τον κωδικό μιας χρήσης από την εφαρμογή επαλήθευσης"
   },
   "lastPassOOBDesc": {
-    "message": "Approve the login request in your authentication app or enter a one-time passcode."
+    "message": "Εγκρίνετε το αίτημα σύνδεσης στην εφαρμογή επαλήθευσης ή εισαγάγετε έναν κωδικό πρόσβασης μιας χρήσης."
   },
   "passcode": {
-    "message": "Passcode"
+    "message": "Κωδικός"
   },
   "lastPassMasterPassword": {
-    "message": "LastPass master password"
+    "message": "Κύριος κωδικός πρόσβασης LastPass"
   },
   "lastPassAuthRequired": {
-    "message": "LastPass authentication required"
+    "message": "Απαιτείται ταυτοποίηση LastPass"
   },
   "awaitingSSO": {
-    "message": "Awaiting SSO authentication"
+    "message": "Αναμονή ελέγχου ταυτότητας SSO"
   },
   "awaitingSSODesc": {
-    "message": "Please continue to log in using your company credentials."
+    "message": "Παρακαλούμε συνεχίστε τη σύνδεση χρησιμοποιώντας τα στοιχεία της εταιρείας σας."
   },
   "seeDetailedInstructions": {
-    "message": "See detailed instructions on our help site at",
+    "message": "Δείτε λεπτομερείς οδηγίες στην ιστοσελίδα βοήθειας μας στο",
     "description": "This is followed a by a hyperlink to the help website."
   },
   "importDirectlyFromLastPass": {
-    "message": "Import directly from LastPass"
+    "message": "Εισαγωγή απευθείας από το LastPass"
   },
   "importFromCSV": {
-    "message": "Import from CSV"
+    "message": "Εισαγωγή από CSV"
   },
   "lastPassTryAgainCheckEmail": {
-    "message": "Try again or look for an email from LastPass to verify it's you."
+    "message": "Δοκιμάστε ξανά ή ψάξτε για ένα email από το LastPass για να επιβεβαιώσετε ότι είστε εσείς."
   },
   "collection": {
-    "message": "Collection"
+    "message": "Συλλογή"
   },
   "lastPassYubikeyDesc": {
-    "message": "Insert the YubiKey associated with your LastPass account into your computer's USB port, then touch its button."
+    "message": "Εισαγάγετε το YubiKey που σχετίζεται με το λογαριασμό LastPass στη θύρα USB του υπολογιστή σας και στη συνέχεια αγγίξτε το κουμπί του."
   },
   "commonImportFormats": {
-    "message": "Common formats",
+    "message": "Κοινές μορφές",
     "description": "Label indicating the most common import formats"
+  },
+  "troubleshooting": {
+    "message": "Αντιμετώπιση Προβλημάτων"
+  },
+  "disableHardwareAccelerationRestart": {
+    "message": "Απενεργοποίηση επιτάχυνσης υλικού και επανεκκίνηση"
+  },
+  "enableHardwareAccelerationRestart": {
+    "message": "Ενεργοποίηση επιτάχυνσης υλικού και επανεκκίνηση"
   }
 }
diff --git a/apps/desktop/src/locales/en/messages.json b/apps/desktop/src/locales/en/messages.json
index 48c7184c88..394a5951e9 100644
--- a/apps/desktop/src/locales/en/messages.json
+++ b/apps/desktop/src/locales/en/messages.json
@@ -1644,6 +1644,12 @@
   "enableBrowserIntegrationFingerprintDesc": {
     "message": "Add an additional layer of security by requiring fingerprint phrase confirmation when establishing a link between your desktop and browser. This requires user action and verification each time a connection is created."
   },
+  "enableHardwareAcceleration": {
+    "message": "Use hardware acceleration"
+  },
+  "enableHardwareAccelerationDesc": {
+    "message": "By default this setting is ON. Turn OFF only if you experience graphical issues. Restart is required."
+  },
   "approve": {
     "message": "Approve"
   },
@@ -2340,12 +2346,6 @@
   "loggingInOn": {
     "message": "Logging in on"
   },
-  "usDomain": {
-    "message": "bitwarden.com"
-  },
-  "euDomain": {
-    "message": "bitwarden.eu"
-  },
   "selfHostedServer": {
     "message": "self-hosted"
   },
@@ -2687,5 +2687,20 @@
   "commonImportFormats": {
     "message": "Common formats",
     "description": "Label indicating the most common import formats"
+  },
+  "troubleshooting": {
+    "message": "Troubleshooting"
+  },
+  "disableHardwareAccelerationRestart": {
+    "message": "Disable hardware acceleration and restart"
+  },
+  "enableHardwareAccelerationRestart": {
+    "message": "Enable hardware acceleration and restart"
+  },
+  "removePasskey": {
+    "message": "Remove passkey"
+  },
+  "passkeyRemoved": {
+    "message": "Passkey removed"
   }
 }
diff --git a/apps/desktop/src/locales/en_GB/messages.json b/apps/desktop/src/locales/en_GB/messages.json
index 104e94cea8..9b68b6de49 100644
--- a/apps/desktop/src/locales/en_GB/messages.json
+++ b/apps/desktop/src/locales/en_GB/messages.json
@@ -1644,6 +1644,12 @@
   "enableBrowserIntegrationFingerprintDesc": {
     "message": "Add an additional layer of security by requiring fingerprint phrase confirmation when establishing a link between your desktop and browser. This requires user action and verification each time a connection is created."
   },
+  "enableHardwareAcceleration": {
+    "message": "Use hardware acceleration"
+  },
+  "enableHardwareAccelerationDesc": {
+    "message": "By default this setting is ON. Turn OFF only if you experience graphical issues. Restart is required."
+  },
   "approve": {
     "message": "Approve"
   },
@@ -2340,12 +2346,6 @@
   "loggingInOn": {
     "message": "Logging in on"
   },
-  "usDomain": {
-    "message": "bitwarden.com"
-  },
-  "euDomain": {
-    "message": "bitwarden.eu"
-  },
   "selfHostedServer": {
     "message": "self-hosted"
   },
@@ -2687,5 +2687,14 @@
   "commonImportFormats": {
     "message": "Common formats",
     "description": "Label indicating the most common import formats"
+  },
+  "troubleshooting": {
+    "message": "Troubleshooting"
+  },
+  "disableHardwareAccelerationRestart": {
+    "message": "Disable hardware acceleration and restart"
+  },
+  "enableHardwareAccelerationRestart": {
+    "message": "Enable hardware acceleration and restart"
   }
 }
diff --git a/apps/desktop/src/locales/en_IN/messages.json b/apps/desktop/src/locales/en_IN/messages.json
index 8fe4e85720..3ffc46eba1 100644
--- a/apps/desktop/src/locales/en_IN/messages.json
+++ b/apps/desktop/src/locales/en_IN/messages.json
@@ -1644,6 +1644,12 @@
   "enableBrowserIntegrationFingerprintDesc": {
     "message": "Enable an additional layer of security by requiring fingerprint phrase validation when establishing a link between your desktop and browser. When enabled, this requires user intervention and verification each time a connection is established."
   },
+  "enableHardwareAcceleration": {
+    "message": "Use hardware acceleration"
+  },
+  "enableHardwareAccelerationDesc": {
+    "message": "By default this setting is ON. Turn OFF only if you experience graphical issues. Restart is required."
+  },
   "approve": {
     "message": "Approve"
   },
@@ -2340,12 +2346,6 @@
   "loggingInOn": {
     "message": "Logging in on"
   },
-  "usDomain": {
-    "message": "bitwarden.com"
-  },
-  "euDomain": {
-    "message": "bitwarden.eu"
-  },
   "selfHostedServer": {
     "message": "self-hosted"
   },
@@ -2687,5 +2687,14 @@
   "commonImportFormats": {
     "message": "Common formats",
     "description": "Label indicating the most common import formats"
+  },
+  "troubleshooting": {
+    "message": "Troubleshooting"
+  },
+  "disableHardwareAccelerationRestart": {
+    "message": "Disable hardware acceleration and restart"
+  },
+  "enableHardwareAccelerationRestart": {
+    "message": "Enable hardware acceleration and restart"
   }
 }
diff --git a/apps/desktop/src/locales/eo/messages.json b/apps/desktop/src/locales/eo/messages.json
index 3ea0505671..dcffc08ea4 100644
--- a/apps/desktop/src/locales/eo/messages.json
+++ b/apps/desktop/src/locales/eo/messages.json
@@ -1644,6 +1644,12 @@
   "enableBrowserIntegrationFingerprintDesc": {
     "message": "Add an additional layer of security by requiring fingerprint phrase confirmation when establishing a link between your desktop and browser. This requires user action and verification each time a connection is created."
   },
+  "enableHardwareAcceleration": {
+    "message": "Use hardware acceleration"
+  },
+  "enableHardwareAccelerationDesc": {
+    "message": "By default this setting is ON. Turn OFF only if you experience graphical issues. Restart is required."
+  },
   "approve": {
     "message": "Approve"
   },
@@ -2340,12 +2346,6 @@
   "loggingInOn": {
     "message": "Logging in on"
   },
-  "usDomain": {
-    "message": "bitwarden.com"
-  },
-  "euDomain": {
-    "message": "bitwarden.eu"
-  },
   "selfHostedServer": {
     "message": "self-hosted"
   },
@@ -2687,5 +2687,14 @@
   "commonImportFormats": {
     "message": "Common formats",
     "description": "Label indicating the most common import formats"
+  },
+  "troubleshooting": {
+    "message": "Troubleshooting"
+  },
+  "disableHardwareAccelerationRestart": {
+    "message": "Disable hardware acceleration and restart"
+  },
+  "enableHardwareAccelerationRestart": {
+    "message": "Enable hardware acceleration and restart"
   }
 }
diff --git a/apps/desktop/src/locales/es/messages.json b/apps/desktop/src/locales/es/messages.json
index 270cc11c10..29c345d235 100644
--- a/apps/desktop/src/locales/es/messages.json
+++ b/apps/desktop/src/locales/es/messages.json
@@ -1644,6 +1644,12 @@
   "enableBrowserIntegrationFingerprintDesc": {
     "message": "Requiere una capa adicional de seguridad mediante el solicitar la frase de validación de huella dactilar al establecer un enlace entre el escritorio y el navegador. Cuando se activa, requiere intervención del usuario y verificación cada vez que se establece una conexión."
   },
+  "enableHardwareAcceleration": {
+    "message": "Use hardware acceleration"
+  },
+  "enableHardwareAccelerationDesc": {
+    "message": "By default this setting is ON. Turn OFF only if you experience graphical issues. Restart is required."
+  },
   "approve": {
     "message": "Aprobar"
   },
@@ -2340,12 +2346,6 @@
   "loggingInOn": {
     "message": "Logging in on"
   },
-  "usDomain": {
-    "message": "bitwarden.com"
-  },
-  "euDomain": {
-    "message": "bitwarden.eu"
-  },
   "selfHostedServer": {
     "message": "self-hosted"
   },
@@ -2687,5 +2687,14 @@
   "commonImportFormats": {
     "message": "Common formats",
     "description": "Label indicating the most common import formats"
+  },
+  "troubleshooting": {
+    "message": "Troubleshooting"
+  },
+  "disableHardwareAccelerationRestart": {
+    "message": "Disable hardware acceleration and restart"
+  },
+  "enableHardwareAccelerationRestart": {
+    "message": "Enable hardware acceleration and restart"
   }
 }
diff --git a/apps/desktop/src/locales/et/messages.json b/apps/desktop/src/locales/et/messages.json
index 91c172a473..663cd873e5 100644
--- a/apps/desktop/src/locales/et/messages.json
+++ b/apps/desktop/src/locales/et/messages.json
@@ -1644,6 +1644,12 @@
   "enableBrowserIntegrationFingerprintDesc": {
     "message": "See seadistus võimaldab täiendavat kaitset, küsides brauseriga liidestamisel sõrmejälje fraasi. Sisselülitamisel nõuab see seadistus igakordset kasutaja sekkumist, kui luuakse ühendus brauseri ja töölaua rakenduse vahel."
   },
+  "enableHardwareAcceleration": {
+    "message": "Use hardware acceleration"
+  },
+  "enableHardwareAccelerationDesc": {
+    "message": "By default this setting is ON. Turn OFF only if you experience graphical issues. Restart is required."
+  },
   "approve": {
     "message": "Kinnita"
   },
@@ -2340,12 +2346,6 @@
   "loggingInOn": {
     "message": "Logging in on"
   },
-  "usDomain": {
-    "message": "bitwarden.com"
-  },
-  "euDomain": {
-    "message": "bitwarden.eu"
-  },
   "selfHostedServer": {
     "message": "self-hosted"
   },
@@ -2687,5 +2687,14 @@
   "commonImportFormats": {
     "message": "Common formats",
     "description": "Label indicating the most common import formats"
+  },
+  "troubleshooting": {
+    "message": "Troubleshooting"
+  },
+  "disableHardwareAccelerationRestart": {
+    "message": "Disable hardware acceleration and restart"
+  },
+  "enableHardwareAccelerationRestart": {
+    "message": "Enable hardware acceleration and restart"
   }
 }
diff --git a/apps/desktop/src/locales/eu/messages.json b/apps/desktop/src/locales/eu/messages.json
index 441504fabb..8970af1350 100644
--- a/apps/desktop/src/locales/eu/messages.json
+++ b/apps/desktop/src/locales/eu/messages.json
@@ -1644,6 +1644,12 @@
   "enableBrowserIntegrationFingerprintDesc": {
     "message": "Gehitu segurtasun geruza gehigarri bat, hatz-marka berretsi behar baita mahaigainaren eta nabigatzailearen artean lotura bat ezartzean. Horretarako, konexioa sortzen den bakoitzean, erabiltzailearen ekintza eta egiaztapena behar dira."
   },
+  "enableHardwareAcceleration": {
+    "message": "Use hardware acceleration"
+  },
+  "enableHardwareAccelerationDesc": {
+    "message": "By default this setting is ON. Turn OFF only if you experience graphical issues. Restart is required."
+  },
   "approve": {
     "message": "Onartu"
   },
@@ -2340,12 +2346,6 @@
   "loggingInOn": {
     "message": "Logging in on"
   },
-  "usDomain": {
-    "message": "bitwarden.com"
-  },
-  "euDomain": {
-    "message": "bitwarden.eu"
-  },
   "selfHostedServer": {
     "message": "self-hosted"
   },
@@ -2687,5 +2687,14 @@
   "commonImportFormats": {
     "message": "Common formats",
     "description": "Label indicating the most common import formats"
+  },
+  "troubleshooting": {
+    "message": "Troubleshooting"
+  },
+  "disableHardwareAccelerationRestart": {
+    "message": "Disable hardware acceleration and restart"
+  },
+  "enableHardwareAccelerationRestart": {
+    "message": "Enable hardware acceleration and restart"
   }
 }
diff --git a/apps/desktop/src/locales/fa/messages.json b/apps/desktop/src/locales/fa/messages.json
index ca7dc6aae5..a8a5758a14 100644
--- a/apps/desktop/src/locales/fa/messages.json
+++ b/apps/desktop/src/locales/fa/messages.json
@@ -1644,6 +1644,12 @@
   "enableBrowserIntegrationFingerprintDesc": {
     "message": "هنگام ایجاد پیوند بین دسکتاپ و مرورگر خود، با تأیید اعتبار اثر انگشت، یک لایه امنیتی دیگر را فعال کنید. درصورت فعال بودن، این امر مستلزم مداخله و تأیید کاربر در هر بار برقراری ارتباط است."
   },
+  "enableHardwareAcceleration": {
+    "message": "Use hardware acceleration"
+  },
+  "enableHardwareAccelerationDesc": {
+    "message": "By default this setting is ON. Turn OFF only if you experience graphical issues. Restart is required."
+  },
   "approve": {
     "message": "تأیید"
   },
@@ -2340,12 +2346,6 @@
   "loggingInOn": {
     "message": "ورود با"
   },
-  "usDomain": {
-    "message": "bitwarden.com"
-  },
-  "euDomain": {
-    "message": "bitwarden.eu"
-  },
   "selfHostedServer": {
     "message": "خود میزبان"
   },
@@ -2687,5 +2687,14 @@
   "commonImportFormats": {
     "message": "فرمت‌های رایج",
     "description": "Label indicating the most common import formats"
+  },
+  "troubleshooting": {
+    "message": "Troubleshooting"
+  },
+  "disableHardwareAccelerationRestart": {
+    "message": "Disable hardware acceleration and restart"
+  },
+  "enableHardwareAccelerationRestart": {
+    "message": "Enable hardware acceleration and restart"
   }
 }
diff --git a/apps/desktop/src/locales/fi/messages.json b/apps/desktop/src/locales/fi/messages.json
index d04c13d34e..5c069578fa 100644
--- a/apps/desktop/src/locales/fi/messages.json
+++ b/apps/desktop/src/locales/fi/messages.json
@@ -1644,6 +1644,12 @@
   "enableBrowserIntegrationFingerprintDesc": {
     "message": "Paranna tietoturvaa vaatimalla työpöytäsovelluksen ja selainlaajennuksen kytköksen todennus tunnistelausekkeella. Tämä vaatii aina yhteyden muodostuessa vahvistuksen käyttäjältä."
   },
+  "enableHardwareAcceleration": {
+    "message": "Käytä laitteistokiihdytystä"
+  },
+  "enableHardwareAccelerationDesc": {
+    "message": "Asetus on oletusarvoisesti käytössä. Poista käytöstä vain, jos havaitset graafisia ongelmia. Muutos vaatii sovelluksen uudelleenkäynnistyksen."
+  },
   "approve": {
     "message": "Salli"
   },
@@ -2340,12 +2346,6 @@
   "loggingInOn": {
     "message": "Kirjaudutaan sijaintiin"
   },
-  "usDomain": {
-    "message": "bitwarden.com"
-  },
-  "euDomain": {
-    "message": "bitwarden.eu"
-  },
   "selfHostedServer": {
     "message": "itse ylläpidetty"
   },
@@ -2687,5 +2687,14 @@
   "commonImportFormats": {
     "message": "Yleiset muodot",
     "description": "Label indicating the most common import formats"
+  },
+  "troubleshooting": {
+    "message": "Troubleshooting"
+  },
+  "disableHardwareAccelerationRestart": {
+    "message": "Disable hardware acceleration and restart"
+  },
+  "enableHardwareAccelerationRestart": {
+    "message": "Enable hardware acceleration and restart"
   }
 }
diff --git a/apps/desktop/src/locales/fil/messages.json b/apps/desktop/src/locales/fil/messages.json
index 98a6baaaa6..6e6d0abaa6 100644
--- a/apps/desktop/src/locales/fil/messages.json
+++ b/apps/desktop/src/locales/fil/messages.json
@@ -1644,6 +1644,12 @@
   "enableBrowserIntegrationFingerprintDesc": {
     "message": "Magdagdag ng karagdagang layer ng seguridad sa pamamagitan ng pagkumpirma ng parirala ng fingerprint kapag nagtatatag ng isang link sa pagitan ng iyong desktop at browser. Nangangailangan ito ng pagkilos at pagpapatunay ng gumagamit sa bawat oras na nilikha ang isang koneksyon."
   },
+  "enableHardwareAcceleration": {
+    "message": "Use hardware acceleration"
+  },
+  "enableHardwareAccelerationDesc": {
+    "message": "By default this setting is ON. Turn OFF only if you experience graphical issues. Restart is required."
+  },
   "approve": {
     "message": "Aprubahan ang"
   },
@@ -2340,12 +2346,6 @@
   "loggingInOn": {
     "message": "Logging in on"
   },
-  "usDomain": {
-    "message": "bitwarden.com"
-  },
-  "euDomain": {
-    "message": "bitwarden.eu"
-  },
   "selfHostedServer": {
     "message": "self-hosted"
   },
@@ -2687,5 +2687,14 @@
   "commonImportFormats": {
     "message": "Common formats",
     "description": "Label indicating the most common import formats"
+  },
+  "troubleshooting": {
+    "message": "Troubleshooting"
+  },
+  "disableHardwareAccelerationRestart": {
+    "message": "Disable hardware acceleration and restart"
+  },
+  "enableHardwareAccelerationRestart": {
+    "message": "Enable hardware acceleration and restart"
   }
 }
diff --git a/apps/desktop/src/locales/fr/messages.json b/apps/desktop/src/locales/fr/messages.json
index b19fa10695..90dc4b0f77 100644
--- a/apps/desktop/src/locales/fr/messages.json
+++ b/apps/desktop/src/locales/fr/messages.json
@@ -448,7 +448,7 @@
     "message": "Rechercher dans la collection"
   },
   "searchFolder": {
-    "message": "Rechercher dans un dossier"
+    "message": "Rechercher dans le dossier"
   },
   "searchFavorites": {
     "message": "Rechercher parmi les favoris"
@@ -1644,6 +1644,12 @@
   "enableBrowserIntegrationFingerprintDesc": {
     "message": "Activez une couche de sécurité supplémentaire en exigeant la validation de la phrase d'empreinte du compte lors de l'établissement d'un lien entre l'application et votre navigateur. Lorsque cette option est activée, cela nécessite une intervention et une vérification de l'utilisateur à chaque fois qu'une connexion est établie."
   },
+  "enableHardwareAcceleration": {
+    "message": "Utiliser l'accélération matérielle"
+  },
+  "enableHardwareAccelerationDesc": {
+    "message": "Ce paramètre est activé par défaut. Désactivez-le uniquement si vous rencontrez des problèmes graphiques. Redémarrage requis."
+  },
   "approve": {
     "message": "Accepter"
   },
@@ -2340,12 +2346,6 @@
   "loggingInOn": {
     "message": "Connexion sur"
   },
-  "usDomain": {
-    "message": "bitwarden.com"
-  },
-  "euDomain": {
-    "message": "bitwarden.eu"
-  },
   "selfHostedServer": {
     "message": "auto-hébergé"
   },
@@ -2687,5 +2687,14 @@
   "commonImportFormats": {
     "message": "Formats communs",
     "description": "Label indicating the most common import formats"
+  },
+  "troubleshooting": {
+    "message": "Résolution de problèmes"
+  },
+  "disableHardwareAccelerationRestart": {
+    "message": "Désactiver l'accélération matérielle et redémarrer"
+  },
+  "enableHardwareAccelerationRestart": {
+    "message": "Activer l'accélération matérielle et redémarrer"
   }
 }
diff --git a/apps/desktop/src/locales/gl/messages.json b/apps/desktop/src/locales/gl/messages.json
index 2d0a4ebbf8..11694b8c9c 100644
--- a/apps/desktop/src/locales/gl/messages.json
+++ b/apps/desktop/src/locales/gl/messages.json
@@ -1644,6 +1644,12 @@
   "enableBrowserIntegrationFingerprintDesc": {
     "message": "Add an additional layer of security by requiring fingerprint phrase confirmation when establishing a link between your desktop and browser. This requires user action and verification each time a connection is created."
   },
+  "enableHardwareAcceleration": {
+    "message": "Use hardware acceleration"
+  },
+  "enableHardwareAccelerationDesc": {
+    "message": "By default this setting is ON. Turn OFF only if you experience graphical issues. Restart is required."
+  },
   "approve": {
     "message": "Approve"
   },
@@ -2340,12 +2346,6 @@
   "loggingInOn": {
     "message": "Logging in on"
   },
-  "usDomain": {
-    "message": "bitwarden.com"
-  },
-  "euDomain": {
-    "message": "bitwarden.eu"
-  },
   "selfHostedServer": {
     "message": "self-hosted"
   },
@@ -2687,5 +2687,14 @@
   "commonImportFormats": {
     "message": "Common formats",
     "description": "Label indicating the most common import formats"
+  },
+  "troubleshooting": {
+    "message": "Troubleshooting"
+  },
+  "disableHardwareAccelerationRestart": {
+    "message": "Disable hardware acceleration and restart"
+  },
+  "enableHardwareAccelerationRestart": {
+    "message": "Enable hardware acceleration and restart"
   }
 }
diff --git a/apps/desktop/src/locales/he/messages.json b/apps/desktop/src/locales/he/messages.json
index 8b3c84b39b..3a9517e8d3 100644
--- a/apps/desktop/src/locales/he/messages.json
+++ b/apps/desktop/src/locales/he/messages.json
@@ -561,10 +561,10 @@
     "message": "החשבון החדש שלך נוצר בהצלחה! כעת ניתן להתחבר למערכת."
   },
   "youSuccessfullyLoggedIn": {
-    "message": "You successfully logged in"
+    "message": "נכנסת בהצלחה"
   },
   "youMayCloseThisWindow": {
-    "message": "You may close this window"
+    "message": "אפשר לסגור את החלון הזה"
   },
   "masterPassSent": {
     "message": "שלחנו לך אימייל עם רמז לסיסמה הראשית."
@@ -1505,7 +1505,7 @@
     "message": "יש לבצע אימות מחדש כדי לגשת לכספת שוב."
   },
   "unlockMethodNeededToChangeTimeoutActionDesc": {
-    "message": "Set up an unlock method to change your vault timeout action."
+    "message": "יש להגדיר שיטת שחרור נעילה כדי לשנות את פעולת תום הזמן של הכספת שלך."
   },
   "lock": {
     "message": "נעילה",
@@ -1644,6 +1644,12 @@
   "enableBrowserIntegrationFingerprintDesc": {
     "message": "הפעל שכבת אבטחה נוספת באמצעות בקשת אימות טביעות אצבע בעת יצירת קישור בין שולחן העבודה לדפדפן. כשהוא מופעל, זה דורש התערבות ואימות משתמש בכל פעם שנוצר חיבור."
   },
+  "enableHardwareAcceleration": {
+    "message": "להשתמש בהאצת חומרה"
+  },
+  "enableHardwareAccelerationDesc": {
+    "message": "ההגדרה הזאת פעילה כברירת מחדל. יש לכבות רק אם יש כל מיני תקלות גרפיות. צריך להפעיל מחדש."
+  },
   "approve": {
     "message": "לְאַשֵׁר"
   },
@@ -2289,7 +2295,7 @@
     "message": "Check known data breaches for this password"
   },
   "important": {
-    "message": "Important:"
+    "message": "חשוב:"
   },
   "masterPasswordHint": {
     "message": "Your master password cannot be recovered if you forget it!"
@@ -2340,12 +2346,6 @@
   "loggingInOn": {
     "message": "Logging in on"
   },
-  "usDomain": {
-    "message": "bitwarden.com"
-  },
-  "euDomain": {
-    "message": "bitwarden.eu"
-  },
   "selfHostedServer": {
     "message": "self-hosted"
   },
@@ -2687,5 +2687,14 @@
   "commonImportFormats": {
     "message": "תסדירים נפוצים",
     "description": "Label indicating the most common import formats"
+  },
+  "troubleshooting": {
+    "message": "Troubleshooting"
+  },
+  "disableHardwareAccelerationRestart": {
+    "message": "Disable hardware acceleration and restart"
+  },
+  "enableHardwareAccelerationRestart": {
+    "message": "Enable hardware acceleration and restart"
   }
 }
diff --git a/apps/desktop/src/locales/hi/messages.json b/apps/desktop/src/locales/hi/messages.json
index 9d302e941a..86f17c1c83 100644
--- a/apps/desktop/src/locales/hi/messages.json
+++ b/apps/desktop/src/locales/hi/messages.json
@@ -1644,6 +1644,12 @@
   "enableBrowserIntegrationFingerprintDesc": {
     "message": "Add an additional layer of security by requiring fingerprint phrase confirmation when establishing a link between your desktop and browser. This requires user action and verification each time a connection is created."
   },
+  "enableHardwareAcceleration": {
+    "message": "Use hardware acceleration"
+  },
+  "enableHardwareAccelerationDesc": {
+    "message": "By default this setting is ON. Turn OFF only if you experience graphical issues. Restart is required."
+  },
   "approve": {
     "message": "Approve"
   },
@@ -2340,12 +2346,6 @@
   "loggingInOn": {
     "message": "Logging in on"
   },
-  "usDomain": {
-    "message": "bitwarden.com"
-  },
-  "euDomain": {
-    "message": "bitwarden.eu"
-  },
   "selfHostedServer": {
     "message": "self-hosted"
   },
@@ -2687,5 +2687,14 @@
   "commonImportFormats": {
     "message": "Common formats",
     "description": "Label indicating the most common import formats"
+  },
+  "troubleshooting": {
+    "message": "Troubleshooting"
+  },
+  "disableHardwareAccelerationRestart": {
+    "message": "Disable hardware acceleration and restart"
+  },
+  "enableHardwareAccelerationRestart": {
+    "message": "Enable hardware acceleration and restart"
   }
 }
diff --git a/apps/desktop/src/locales/hr/messages.json b/apps/desktop/src/locales/hr/messages.json
index 99bccb92f6..5af3644eea 100644
--- a/apps/desktop/src/locales/hr/messages.json
+++ b/apps/desktop/src/locales/hr/messages.json
@@ -1644,6 +1644,12 @@
   "enableBrowserIntegrationFingerprintDesc": {
     "message": "Uključi dodatni sloj sigurnosti tražeći verifikaciju jedinstvenom frazom prilikom povezivanja radne površine i preglednika. Kada je ovo uključeno, potrebno je verificirati prilikom svakog novog povezivanja."
   },
+  "enableHardwareAcceleration": {
+    "message": "Use hardware acceleration"
+  },
+  "enableHardwareAccelerationDesc": {
+    "message": "By default this setting is ON. Turn OFF only if you experience graphical issues. Restart is required."
+  },
   "approve": {
     "message": "Odobri"
   },
@@ -2340,12 +2346,6 @@
   "loggingInOn": {
     "message": "Prijava na"
   },
-  "usDomain": {
-    "message": "bitwarden.com"
-  },
-  "euDomain": {
-    "message": "bitwarden.eu"
-  },
   "selfHostedServer": {
     "message": "vlastiti poslužitelj"
   },
@@ -2687,5 +2687,14 @@
   "commonImportFormats": {
     "message": "Common formats",
     "description": "Label indicating the most common import formats"
+  },
+  "troubleshooting": {
+    "message": "Troubleshooting"
+  },
+  "disableHardwareAccelerationRestart": {
+    "message": "Disable hardware acceleration and restart"
+  },
+  "enableHardwareAccelerationRestart": {
+    "message": "Enable hardware acceleration and restart"
   }
 }
diff --git a/apps/desktop/src/locales/hu/messages.json b/apps/desktop/src/locales/hu/messages.json
index 33aab75339..0b61e5f675 100644
--- a/apps/desktop/src/locales/hu/messages.json
+++ b/apps/desktop/src/locales/hu/messages.json
@@ -1644,6 +1644,12 @@
   "enableBrowserIntegrationFingerprintDesc": {
     "message": "Engedélyezzünk további biztonsági réteget ujjlenyomat kifejezés-hitelesítés kérésével az asztal és a böngésző közötti kapcsolat létrehozásakor. Ha engedélyezve van, ez minden egyes kapcsolat létrehozásakor felhasználói beavatkozást és ellenőrzést igényel."
   },
+  "enableHardwareAcceleration": {
+    "message": "Hardver gyorsítás használata"
+  },
+  "enableHardwareAccelerationDesc": {
+    "message": "Alapértelmezés szerint ez a beállítás BE. Csak akkor kapcsoljuk KI, ha grafikus problémákat tapasztalunk. Újraindítás szükséges."
+  },
   "approve": {
     "message": "Jóváhagyás"
   },
@@ -2340,12 +2346,6 @@
   "loggingInOn": {
     "message": "Bejelentkezés:"
   },
-  "usDomain": {
-    "message": "bitwarden.com"
-  },
-  "euDomain": {
-    "message": "bitwarden.eu"
-  },
   "selfHostedServer": {
     "message": "saját üzemeltetésű"
   },
@@ -2687,5 +2687,14 @@
   "commonImportFormats": {
     "message": "Általános formátumok",
     "description": "Label indicating the most common import formats"
+  },
+  "troubleshooting": {
+    "message": "Hibaelhárítás"
+  },
+  "disableHardwareAccelerationRestart": {
+    "message": "A hardveres gyorsítás letiltása és újraindítás"
+  },
+  "enableHardwareAccelerationRestart": {
+    "message": "A hardveres gyorsítás engedélyezése és újraindítás"
   }
 }
diff --git a/apps/desktop/src/locales/id/messages.json b/apps/desktop/src/locales/id/messages.json
index d9e7c8f703..5290fd11de 100644
--- a/apps/desktop/src/locales/id/messages.json
+++ b/apps/desktop/src/locales/id/messages.json
@@ -1644,6 +1644,12 @@
   "enableBrowserIntegrationFingerprintDesc": {
     "message": "Aktifkan lapisan keamanan tambahan dengan meminta validasi frase sidik jari saat membuat tautan antara desktop dan browser Anda. Saat diaktifkan, ini membutuhkan intervensi pengguna dan verifikasi setiap kali koneksi dibuat."
   },
+  "enableHardwareAcceleration": {
+    "message": "Use hardware acceleration"
+  },
+  "enableHardwareAccelerationDesc": {
+    "message": "By default this setting is ON. Turn OFF only if you experience graphical issues. Restart is required."
+  },
   "approve": {
     "message": "Menyetujui"
   },
@@ -2340,12 +2346,6 @@
   "loggingInOn": {
     "message": "Logging in on"
   },
-  "usDomain": {
-    "message": "bitwarden.com"
-  },
-  "euDomain": {
-    "message": "bitwarden.eu"
-  },
   "selfHostedServer": {
     "message": "self-hosted"
   },
@@ -2687,5 +2687,14 @@
   "commonImportFormats": {
     "message": "Common formats",
     "description": "Label indicating the most common import formats"
+  },
+  "troubleshooting": {
+    "message": "Troubleshooting"
+  },
+  "disableHardwareAccelerationRestart": {
+    "message": "Disable hardware acceleration and restart"
+  },
+  "enableHardwareAccelerationRestart": {
+    "message": "Enable hardware acceleration and restart"
   }
 }
diff --git a/apps/desktop/src/locales/it/messages.json b/apps/desktop/src/locales/it/messages.json
index 77100fc928..2736a4a46a 100644
--- a/apps/desktop/src/locales/it/messages.json
+++ b/apps/desktop/src/locales/it/messages.json
@@ -1644,6 +1644,12 @@
   "enableBrowserIntegrationFingerprintDesc": {
     "message": "Aggiungi un altro livello di sicurezza richiedendo la conferma della frase impronta quando colleghi il desktop e il browser. Questo richiede l'azione dell'utente e la verifica ogni volta che si crea una connessione."
   },
+  "enableHardwareAcceleration": {
+    "message": "Usa accelerazione hardware"
+  },
+  "enableHardwareAccelerationDesc": {
+    "message": "Per impostazione predefinita, questa impostazione è attiva. Disattivala solo se riscontri problemi grafici. Richiede un riavvio."
+  },
   "approve": {
     "message": "Approva"
   },
@@ -2340,12 +2346,6 @@
   "loggingInOn": {
     "message": "Accedendo su"
   },
-  "usDomain": {
-    "message": "bitwarden.com"
-  },
-  "euDomain": {
-    "message": "bitwarden.eu"
-  },
   "selfHostedServer": {
     "message": "self-hosted"
   },
@@ -2687,5 +2687,14 @@
   "commonImportFormats": {
     "message": "Formati comuni",
     "description": "Label indicating the most common import formats"
+  },
+  "troubleshooting": {
+    "message": "Risoluzione problemi"
+  },
+  "disableHardwareAccelerationRestart": {
+    "message": "Disattiva l'accelerazione hardware e riavvia"
+  },
+  "enableHardwareAccelerationRestart": {
+    "message": "Attiva l'accelerazione hardware e riavvia"
   }
 }
diff --git a/apps/desktop/src/locales/ja/messages.json b/apps/desktop/src/locales/ja/messages.json
index 033169c9a8..a4b213a5fd 100644
--- a/apps/desktop/src/locales/ja/messages.json
+++ b/apps/desktop/src/locales/ja/messages.json
@@ -1644,6 +1644,12 @@
   "enableBrowserIntegrationFingerprintDesc": {
     "message": "デスクトップとブラウザ間のリンクを確立する際にパスフレーズを要求することで、さらなるセキュリティ層を有効にします。 有効にすると、接続を確立するたびにユーザーによる確認が必要になります。"
   },
+  "enableHardwareAcceleration": {
+    "message": "ハードウェアアクセラレーションを使用する"
+  },
+  "enableHardwareAccelerationDesc": {
+    "message": "デフォルトではこの設定はオンになっています。グラフィックの問題が発生した場合のみオフにしてください。再起動が必要です。"
+  },
   "approve": {
     "message": "承認"
   },
@@ -2340,12 +2346,6 @@
   "loggingInOn": {
     "message": "ログイン先"
   },
-  "usDomain": {
-    "message": "bitwarden.com"
-  },
-  "euDomain": {
-    "message": "bitwarden.eu"
-  },
   "selfHostedServer": {
     "message": "自己ホスト型"
   },
@@ -2687,5 +2687,14 @@
   "commonImportFormats": {
     "message": "一般的な形式",
     "description": "Label indicating the most common import formats"
+  },
+  "troubleshooting": {
+    "message": "トラブルシューティング"
+  },
+  "disableHardwareAccelerationRestart": {
+    "message": "ハードウェアアクセラレーションを無効にして再起動する"
+  },
+  "enableHardwareAccelerationRestart": {
+    "message": "ハードウェアアクセラレーションを有効にして再起動する"
   }
 }
diff --git a/apps/desktop/src/locales/ka/messages.json b/apps/desktop/src/locales/ka/messages.json
index 2d0a4ebbf8..11694b8c9c 100644
--- a/apps/desktop/src/locales/ka/messages.json
+++ b/apps/desktop/src/locales/ka/messages.json
@@ -1644,6 +1644,12 @@
   "enableBrowserIntegrationFingerprintDesc": {
     "message": "Add an additional layer of security by requiring fingerprint phrase confirmation when establishing a link between your desktop and browser. This requires user action and verification each time a connection is created."
   },
+  "enableHardwareAcceleration": {
+    "message": "Use hardware acceleration"
+  },
+  "enableHardwareAccelerationDesc": {
+    "message": "By default this setting is ON. Turn OFF only if you experience graphical issues. Restart is required."
+  },
   "approve": {
     "message": "Approve"
   },
@@ -2340,12 +2346,6 @@
   "loggingInOn": {
     "message": "Logging in on"
   },
-  "usDomain": {
-    "message": "bitwarden.com"
-  },
-  "euDomain": {
-    "message": "bitwarden.eu"
-  },
   "selfHostedServer": {
     "message": "self-hosted"
   },
@@ -2687,5 +2687,14 @@
   "commonImportFormats": {
     "message": "Common formats",
     "description": "Label indicating the most common import formats"
+  },
+  "troubleshooting": {
+    "message": "Troubleshooting"
+  },
+  "disableHardwareAccelerationRestart": {
+    "message": "Disable hardware acceleration and restart"
+  },
+  "enableHardwareAccelerationRestart": {
+    "message": "Enable hardware acceleration and restart"
   }
 }
diff --git a/apps/desktop/src/locales/km/messages.json b/apps/desktop/src/locales/km/messages.json
index 2d0a4ebbf8..11694b8c9c 100644
--- a/apps/desktop/src/locales/km/messages.json
+++ b/apps/desktop/src/locales/km/messages.json
@@ -1644,6 +1644,12 @@
   "enableBrowserIntegrationFingerprintDesc": {
     "message": "Add an additional layer of security by requiring fingerprint phrase confirmation when establishing a link between your desktop and browser. This requires user action and verification each time a connection is created."
   },
+  "enableHardwareAcceleration": {
+    "message": "Use hardware acceleration"
+  },
+  "enableHardwareAccelerationDesc": {
+    "message": "By default this setting is ON. Turn OFF only if you experience graphical issues. Restart is required."
+  },
   "approve": {
     "message": "Approve"
   },
@@ -2340,12 +2346,6 @@
   "loggingInOn": {
     "message": "Logging in on"
   },
-  "usDomain": {
-    "message": "bitwarden.com"
-  },
-  "euDomain": {
-    "message": "bitwarden.eu"
-  },
   "selfHostedServer": {
     "message": "self-hosted"
   },
@@ -2687,5 +2687,14 @@
   "commonImportFormats": {
     "message": "Common formats",
     "description": "Label indicating the most common import formats"
+  },
+  "troubleshooting": {
+    "message": "Troubleshooting"
+  },
+  "disableHardwareAccelerationRestart": {
+    "message": "Disable hardware acceleration and restart"
+  },
+  "enableHardwareAccelerationRestart": {
+    "message": "Enable hardware acceleration and restart"
   }
 }
diff --git a/apps/desktop/src/locales/kn/messages.json b/apps/desktop/src/locales/kn/messages.json
index 83da5643eb..5f7ad11dcd 100644
--- a/apps/desktop/src/locales/kn/messages.json
+++ b/apps/desktop/src/locales/kn/messages.json
@@ -1644,6 +1644,12 @@
   "enableBrowserIntegrationFingerprintDesc": {
     "message": "ನಿಮ್ಮ ಡೆಸ್ಕ್‌ಟಾಪ್ ಮತ್ತು ಬ್ರೌಸರ್ ನಡುವೆ ಲಿಂಕ್ ಅನ್ನು ಸ್ಥಾಪಿಸುವಾಗ ಫಿಂಗರ್‌ಪ್ರಿಂಟ್ ಪದಗುಚ್ ಕಾಯಂಗೊಳಿಸುವಿಕೆ ಅಗತ್ಯವಿರುವ ಮೂಲಕ ಹೆಚ್ಚುವರಿ ಭದ್ರತೆಯ ಪದರವನ್ನು ಸಕ್ರಿಯಗೊಳಿಸಿ. ಸಕ್ರಿಯಗೊಳಿಸಿದಾಗ, ಪ್ರತಿ ಬಾರಿ ಸಂಪರ್ಕವನ್ನು ಸ್ಥಾಪಿಸಿದಾಗ ಬಳಕೆದಾರರ ಹಸ್ತಕ್ಷೇಪ ಮತ್ತು ಪರಿಶೀಲನೆ ಅಗತ್ಯವಾಗಿರುತ್ತದೆ."
   },
+  "enableHardwareAcceleration": {
+    "message": "Use hardware acceleration"
+  },
+  "enableHardwareAccelerationDesc": {
+    "message": "By default this setting is ON. Turn OFF only if you experience graphical issues. Restart is required."
+  },
   "approve": {
     "message": "ಅನುಮೋದಿಸಿದೆ"
   },
@@ -2340,12 +2346,6 @@
   "loggingInOn": {
     "message": "Logging in on"
   },
-  "usDomain": {
-    "message": "bitwarden.com"
-  },
-  "euDomain": {
-    "message": "bitwarden.eu"
-  },
   "selfHostedServer": {
     "message": "self-hosted"
   },
@@ -2687,5 +2687,14 @@
   "commonImportFormats": {
     "message": "Common formats",
     "description": "Label indicating the most common import formats"
+  },
+  "troubleshooting": {
+    "message": "Troubleshooting"
+  },
+  "disableHardwareAccelerationRestart": {
+    "message": "Disable hardware acceleration and restart"
+  },
+  "enableHardwareAccelerationRestart": {
+    "message": "Enable hardware acceleration and restart"
   }
 }
diff --git a/apps/desktop/src/locales/ko/messages.json b/apps/desktop/src/locales/ko/messages.json
index cb7ca32445..c8e6719811 100644
--- a/apps/desktop/src/locales/ko/messages.json
+++ b/apps/desktop/src/locales/ko/messages.json
@@ -1644,6 +1644,12 @@
   "enableBrowserIntegrationFingerprintDesc": {
     "message": "데스크탑 앱과 브라우저를 연결할 때 지문 구절을 확인하는 과정을 제공함으로써 추가적인 보안을 제공합니다. 이 옵션을 켜면, 연결이 설정될 때마다 사용자의 확인을 요구합니다."
   },
+  "enableHardwareAcceleration": {
+    "message": "Use hardware acceleration"
+  },
+  "enableHardwareAccelerationDesc": {
+    "message": "By default this setting is ON. Turn OFF only if you experience graphical issues. Restart is required."
+  },
   "approve": {
     "message": "승인"
   },
@@ -2340,12 +2346,6 @@
   "loggingInOn": {
     "message": "Logging in on"
   },
-  "usDomain": {
-    "message": "bitwarden.com"
-  },
-  "euDomain": {
-    "message": "bitwarden.eu"
-  },
   "selfHostedServer": {
     "message": "self-hosted"
   },
@@ -2687,5 +2687,14 @@
   "commonImportFormats": {
     "message": "Common formats",
     "description": "Label indicating the most common import formats"
+  },
+  "troubleshooting": {
+    "message": "Troubleshooting"
+  },
+  "disableHardwareAccelerationRestart": {
+    "message": "Disable hardware acceleration and restart"
+  },
+  "enableHardwareAccelerationRestart": {
+    "message": "Enable hardware acceleration and restart"
   }
 }
diff --git a/apps/desktop/src/locales/lt/messages.json b/apps/desktop/src/locales/lt/messages.json
index bfabdd5806..00186771fd 100644
--- a/apps/desktop/src/locales/lt/messages.json
+++ b/apps/desktop/src/locales/lt/messages.json
@@ -1644,6 +1644,12 @@
   "enableBrowserIntegrationFingerprintDesc": {
     "message": "Pridėkite papildomą apsaugos sluoksnį reikalaudami piršto antspaudo frazės patvirtinimo kuriant ryšį tarp savo darbalaukio ir naršyklės. Tam reikalingas vartotojo veiksmas ir patvirtinimas kiekvieną kartą prisijungus."
   },
+  "enableHardwareAcceleration": {
+    "message": "Use hardware acceleration"
+  },
+  "enableHardwareAccelerationDesc": {
+    "message": "By default this setting is ON. Turn OFF only if you experience graphical issues. Restart is required."
+  },
   "approve": {
     "message": "Patvirtinti"
   },
@@ -2340,12 +2346,6 @@
   "loggingInOn": {
     "message": "Prisijungiama prie"
   },
-  "usDomain": {
-    "message": "bitwarden.com"
-  },
-  "euDomain": {
-    "message": "bitwarden.eu"
-  },
   "selfHostedServer": {
     "message": "savarankiškai sukurtas"
   },
@@ -2687,5 +2687,14 @@
   "commonImportFormats": {
     "message": "Dažni formatai",
     "description": "Label indicating the most common import formats"
+  },
+  "troubleshooting": {
+    "message": "Troubleshooting"
+  },
+  "disableHardwareAccelerationRestart": {
+    "message": "Disable hardware acceleration and restart"
+  },
+  "enableHardwareAccelerationRestart": {
+    "message": "Enable hardware acceleration and restart"
   }
 }
diff --git a/apps/desktop/src/locales/lv/messages.json b/apps/desktop/src/locales/lv/messages.json
index b26f9abdf8..f82b762d6c 100644
--- a/apps/desktop/src/locales/lv/messages.json
+++ b/apps/desktop/src/locales/lv/messages.json
@@ -1025,7 +1025,7 @@
     "message": "Pārsāknēt, lai atjauninātu"
   },
   "restartToUpdateDesc": {
-    "message": "Versija $VERSION_NUM$ ir gatava instalēšanai. Lai pabeigtu instalēšanu, lietojumprogramma ir jārestartē. Vai vēlaties restartēt un atjaunināt tūlīt?",
+    "message": "Versija $VERSION_NUM$ ir gatava uzstādīšanai. Ir jāpārsāknē lietotne, lai pabeigtu uzstādīšanu. Vai pārsāknēt un atjaunināt tagad?",
     "placeholders": {
       "version_num": {
         "content": "$1",
@@ -1037,7 +1037,7 @@
     "message": "Pieejams atjauninājums"
   },
   "updateAvailableDesc": {
-    "message": "Atrasts atjauninājums. Vai vēlaties to lejupielādēt?"
+    "message": "Atrasts atjauninājums. Vai lejupielādēt to?"
   },
   "restart": {
     "message": "Pārsāknēt"
@@ -1644,6 +1644,12 @@
   "enableBrowserIntegrationFingerprintDesc": {
     "message": "Iespējo papildu drošības slāni, pieprasot atpazīšanas vārdkopas pārbaudi, kad tiek izveidota saikne starp darbvirsmu un pārlūku. Ir nepieciešama lietotāja darbība un apliecināšana katru reizi, kad tiek izveidots savienojums."
   },
+  "enableHardwareAcceleration": {
+    "message": "Izmantot aparatūras paātrināšanu"
+  },
+  "enableHardwareAccelerationDesc": {
+    "message": "Pēc noklusējuma šis iestatījums ir ieslēgts. Izslēgt tikai tad, ja tiek pieredzētas attēlojuma nepilnības. Nepieciešama pārsāknēšana."
+  },
   "approve": {
     "message": "Apstiprināt"
   },
@@ -2340,12 +2346,6 @@
   "loggingInOn": {
     "message": "Piesakās"
   },
-  "usDomain": {
-    "message": "bitwarden.com"
-  },
-  "euDomain": {
-    "message": "bitwarden.eu"
-  },
   "selfHostedServer": {
     "message": "pašizvietots"
   },
@@ -2687,5 +2687,14 @@
   "commonImportFormats": {
     "message": "Izplatīti veidoli",
     "description": "Label indicating the most common import formats"
+  },
+  "troubleshooting": {
+    "message": "Sarežģījumu novēršana"
+  },
+  "disableHardwareAccelerationRestart": {
+    "message": "Atspējot aparatūras paātrinājumu un pārsāknēt"
+  },
+  "enableHardwareAccelerationRestart": {
+    "message": "Iespējot aparatūras paātrinājumu un pārsāknēt"
   }
 }
diff --git a/apps/desktop/src/locales/me/messages.json b/apps/desktop/src/locales/me/messages.json
index 2b47e84661..533ec2ebba 100644
--- a/apps/desktop/src/locales/me/messages.json
+++ b/apps/desktop/src/locales/me/messages.json
@@ -1644,6 +1644,12 @@
   "enableBrowserIntegrationFingerprintDesc": {
     "message": "Add an additional layer of security by requiring fingerprint phrase confirmation when establishing a link between your desktop and browser. This requires user action and verification each time a connection is created."
   },
+  "enableHardwareAcceleration": {
+    "message": "Use hardware acceleration"
+  },
+  "enableHardwareAccelerationDesc": {
+    "message": "By default this setting is ON. Turn OFF only if you experience graphical issues. Restart is required."
+  },
   "approve": {
     "message": "Approve"
   },
@@ -2340,12 +2346,6 @@
   "loggingInOn": {
     "message": "Logging in on"
   },
-  "usDomain": {
-    "message": "bitwarden.com"
-  },
-  "euDomain": {
-    "message": "bitwarden.eu"
-  },
   "selfHostedServer": {
     "message": "self-hosted"
   },
@@ -2687,5 +2687,14 @@
   "commonImportFormats": {
     "message": "Common formats",
     "description": "Label indicating the most common import formats"
+  },
+  "troubleshooting": {
+    "message": "Troubleshooting"
+  },
+  "disableHardwareAccelerationRestart": {
+    "message": "Disable hardware acceleration and restart"
+  },
+  "enableHardwareAccelerationRestart": {
+    "message": "Enable hardware acceleration and restart"
   }
 }
diff --git a/apps/desktop/src/locales/ml/messages.json b/apps/desktop/src/locales/ml/messages.json
index e44f3844fb..cba807216a 100644
--- a/apps/desktop/src/locales/ml/messages.json
+++ b/apps/desktop/src/locales/ml/messages.json
@@ -1644,6 +1644,12 @@
   "enableBrowserIntegrationFingerprintDesc": {
     "message": "Add an additional layer of security by requiring fingerprint phrase confirmation when establishing a link between your desktop and browser. This requires user action and verification each time a connection is created."
   },
+  "enableHardwareAcceleration": {
+    "message": "Use hardware acceleration"
+  },
+  "enableHardwareAccelerationDesc": {
+    "message": "By default this setting is ON. Turn OFF only if you experience graphical issues. Restart is required."
+  },
   "approve": {
     "message": "അംഗീകരിക്കുക"
   },
@@ -2340,12 +2346,6 @@
   "loggingInOn": {
     "message": "Logging in on"
   },
-  "usDomain": {
-    "message": "bitwarden.com"
-  },
-  "euDomain": {
-    "message": "bitwarden.eu"
-  },
   "selfHostedServer": {
     "message": "self-hosted"
   },
@@ -2687,5 +2687,14 @@
   "commonImportFormats": {
     "message": "Common formats",
     "description": "Label indicating the most common import formats"
+  },
+  "troubleshooting": {
+    "message": "Troubleshooting"
+  },
+  "disableHardwareAccelerationRestart": {
+    "message": "Disable hardware acceleration and restart"
+  },
+  "enableHardwareAccelerationRestart": {
+    "message": "Enable hardware acceleration and restart"
   }
 }
diff --git a/apps/desktop/src/locales/mr/messages.json b/apps/desktop/src/locales/mr/messages.json
index 2d0a4ebbf8..11694b8c9c 100644
--- a/apps/desktop/src/locales/mr/messages.json
+++ b/apps/desktop/src/locales/mr/messages.json
@@ -1644,6 +1644,12 @@
   "enableBrowserIntegrationFingerprintDesc": {
     "message": "Add an additional layer of security by requiring fingerprint phrase confirmation when establishing a link between your desktop and browser. This requires user action and verification each time a connection is created."
   },
+  "enableHardwareAcceleration": {
+    "message": "Use hardware acceleration"
+  },
+  "enableHardwareAccelerationDesc": {
+    "message": "By default this setting is ON. Turn OFF only if you experience graphical issues. Restart is required."
+  },
   "approve": {
     "message": "Approve"
   },
@@ -2340,12 +2346,6 @@
   "loggingInOn": {
     "message": "Logging in on"
   },
-  "usDomain": {
-    "message": "bitwarden.com"
-  },
-  "euDomain": {
-    "message": "bitwarden.eu"
-  },
   "selfHostedServer": {
     "message": "self-hosted"
   },
@@ -2687,5 +2687,14 @@
   "commonImportFormats": {
     "message": "Common formats",
     "description": "Label indicating the most common import formats"
+  },
+  "troubleshooting": {
+    "message": "Troubleshooting"
+  },
+  "disableHardwareAccelerationRestart": {
+    "message": "Disable hardware acceleration and restart"
+  },
+  "enableHardwareAccelerationRestart": {
+    "message": "Enable hardware acceleration and restart"
   }
 }
diff --git a/apps/desktop/src/locales/my/messages.json b/apps/desktop/src/locales/my/messages.json
index ce48fe17c6..05e3e7703e 100644
--- a/apps/desktop/src/locales/my/messages.json
+++ b/apps/desktop/src/locales/my/messages.json
@@ -1644,6 +1644,12 @@
   "enableBrowserIntegrationFingerprintDesc": {
     "message": "Add an additional layer of security by requiring fingerprint phrase confirmation when establishing a link between your desktop and browser. This requires user action and verification each time a connection is created."
   },
+  "enableHardwareAcceleration": {
+    "message": "Use hardware acceleration"
+  },
+  "enableHardwareAccelerationDesc": {
+    "message": "By default this setting is ON. Turn OFF only if you experience graphical issues. Restart is required."
+  },
   "approve": {
     "message": "Approve"
   },
@@ -2340,12 +2346,6 @@
   "loggingInOn": {
     "message": "Logging in on"
   },
-  "usDomain": {
-    "message": "bitwarden.com"
-  },
-  "euDomain": {
-    "message": "bitwarden.eu"
-  },
   "selfHostedServer": {
     "message": "self-hosted"
   },
@@ -2687,5 +2687,14 @@
   "commonImportFormats": {
     "message": "Common formats",
     "description": "Label indicating the most common import formats"
+  },
+  "troubleshooting": {
+    "message": "Troubleshooting"
+  },
+  "disableHardwareAccelerationRestart": {
+    "message": "Disable hardware acceleration and restart"
+  },
+  "enableHardwareAccelerationRestart": {
+    "message": "Enable hardware acceleration and restart"
   }
 }
diff --git a/apps/desktop/src/locales/nb/messages.json b/apps/desktop/src/locales/nb/messages.json
index d523df25e7..a20a6a6267 100644
--- a/apps/desktop/src/locales/nb/messages.json
+++ b/apps/desktop/src/locales/nb/messages.json
@@ -1644,6 +1644,12 @@
   "enableBrowserIntegrationFingerprintDesc": {
     "message": "Aktiver et ekstra lag sikkerhet ved å kreve fingeravtrykksvalidering når du oppretter en kobling mellom skrivebordet og nettleseren. Når dette er aktivert kreves det brukerintervensjon og verifisering hver gang en tilkobling etableres."
   },
+  "enableHardwareAcceleration": {
+    "message": "Use hardware acceleration"
+  },
+  "enableHardwareAccelerationDesc": {
+    "message": "By default this setting is ON. Turn OFF only if you experience graphical issues. Restart is required."
+  },
   "approve": {
     "message": "Godkjenn"
   },
@@ -2340,12 +2346,6 @@
   "loggingInOn": {
     "message": "Logger inn på"
   },
-  "usDomain": {
-    "message": "bitwarden.com"
-  },
-  "euDomain": {
-    "message": "bitwarden.eu"
-  },
   "selfHostedServer": {
     "message": "selvbetjent"
   },
@@ -2687,5 +2687,14 @@
   "commonImportFormats": {
     "message": "Vanlige formater",
     "description": "Label indicating the most common import formats"
+  },
+  "troubleshooting": {
+    "message": "Troubleshooting"
+  },
+  "disableHardwareAccelerationRestart": {
+    "message": "Disable hardware acceleration and restart"
+  },
+  "enableHardwareAccelerationRestart": {
+    "message": "Enable hardware acceleration and restart"
   }
 }
diff --git a/apps/desktop/src/locales/ne/messages.json b/apps/desktop/src/locales/ne/messages.json
index 361c2f0d6b..40e3d11d88 100644
--- a/apps/desktop/src/locales/ne/messages.json
+++ b/apps/desktop/src/locales/ne/messages.json
@@ -1644,6 +1644,12 @@
   "enableBrowserIntegrationFingerprintDesc": {
     "message": "Add an additional layer of security by requiring fingerprint phrase confirmation when establishing a link between your desktop and browser. This requires user action and verification each time a connection is created."
   },
+  "enableHardwareAcceleration": {
+    "message": "Use hardware acceleration"
+  },
+  "enableHardwareAccelerationDesc": {
+    "message": "By default this setting is ON. Turn OFF only if you experience graphical issues. Restart is required."
+  },
   "approve": {
     "message": "Approve"
   },
@@ -2340,12 +2346,6 @@
   "loggingInOn": {
     "message": "Logging in on"
   },
-  "usDomain": {
-    "message": "bitwarden.com"
-  },
-  "euDomain": {
-    "message": "bitwarden.eu"
-  },
   "selfHostedServer": {
     "message": "self-hosted"
   },
@@ -2687,5 +2687,14 @@
   "commonImportFormats": {
     "message": "Common formats",
     "description": "Label indicating the most common import formats"
+  },
+  "troubleshooting": {
+    "message": "Troubleshooting"
+  },
+  "disableHardwareAccelerationRestart": {
+    "message": "Disable hardware acceleration and restart"
+  },
+  "enableHardwareAccelerationRestart": {
+    "message": "Enable hardware acceleration and restart"
   }
 }
diff --git a/apps/desktop/src/locales/nl/messages.json b/apps/desktop/src/locales/nl/messages.json
index 1ca8c4fb34..0ae432ef45 100644
--- a/apps/desktop/src/locales/nl/messages.json
+++ b/apps/desktop/src/locales/nl/messages.json
@@ -1644,6 +1644,12 @@
   "enableBrowserIntegrationFingerprintDesc": {
     "message": "Schakel een extra beveiligingsniveau in door een vingerafdrukzin te vereisen bij het verbinden van je desktop en browser. Wanneer ingeschakeld moet je iedere verbinding verifiëren."
   },
+  "enableHardwareAcceleration": {
+    "message": "Use hardware acceleration"
+  },
+  "enableHardwareAccelerationDesc": {
+    "message": "By default this setting is ON. Turn OFF only if you experience graphical issues. Restart is required."
+  },
   "approve": {
     "message": "Goedkeuren"
   },
@@ -2340,12 +2346,6 @@
   "loggingInOn": {
     "message": "Inloggen op"
   },
-  "usDomain": {
-    "message": "bitwarden.com"
-  },
-  "euDomain": {
-    "message": "bitwarden.eu"
-  },
   "selfHostedServer": {
     "message": "zelfgehost"
   },
@@ -2687,5 +2687,14 @@
   "commonImportFormats": {
     "message": "Veelvoorkomende formaten",
     "description": "Label indicating the most common import formats"
+  },
+  "troubleshooting": {
+    "message": "Probleemoplossing"
+  },
+  "disableHardwareAccelerationRestart": {
+    "message": "Hardwareversnelling uitschakelen en herstarten"
+  },
+  "enableHardwareAccelerationRestart": {
+    "message": "Hardwareversnelling inschakelen en herstarten"
   }
 }
diff --git a/apps/desktop/src/locales/nn/messages.json b/apps/desktop/src/locales/nn/messages.json
index e5a8a512ca..d3119f6a10 100644
--- a/apps/desktop/src/locales/nn/messages.json
+++ b/apps/desktop/src/locales/nn/messages.json
@@ -1644,6 +1644,12 @@
   "enableBrowserIntegrationFingerprintDesc": {
     "message": "Add an additional layer of security by requiring fingerprint phrase confirmation when establishing a link between your desktop and browser. This requires user action and verification each time a connection is created."
   },
+  "enableHardwareAcceleration": {
+    "message": "Use hardware acceleration"
+  },
+  "enableHardwareAccelerationDesc": {
+    "message": "By default this setting is ON. Turn OFF only if you experience graphical issues. Restart is required."
+  },
   "approve": {
     "message": "Godkjenn"
   },
@@ -2340,12 +2346,6 @@
   "loggingInOn": {
     "message": "Logging in on"
   },
-  "usDomain": {
-    "message": "bitwarden.com"
-  },
-  "euDomain": {
-    "message": "bitwarden.eu"
-  },
   "selfHostedServer": {
     "message": "self-hosted"
   },
@@ -2687,5 +2687,14 @@
   "commonImportFormats": {
     "message": "Common formats",
     "description": "Label indicating the most common import formats"
+  },
+  "troubleshooting": {
+    "message": "Troubleshooting"
+  },
+  "disableHardwareAccelerationRestart": {
+    "message": "Disable hardware acceleration and restart"
+  },
+  "enableHardwareAccelerationRestart": {
+    "message": "Enable hardware acceleration and restart"
   }
 }
diff --git a/apps/desktop/src/locales/or/messages.json b/apps/desktop/src/locales/or/messages.json
index 910231b793..20b704ef5e 100644
--- a/apps/desktop/src/locales/or/messages.json
+++ b/apps/desktop/src/locales/or/messages.json
@@ -1644,6 +1644,12 @@
   "enableBrowserIntegrationFingerprintDesc": {
     "message": "Add an additional layer of security by requiring fingerprint phrase confirmation when establishing a link between your desktop and browser. This requires user action and verification each time a connection is created."
   },
+  "enableHardwareAcceleration": {
+    "message": "Use hardware acceleration"
+  },
+  "enableHardwareAccelerationDesc": {
+    "message": "By default this setting is ON. Turn OFF only if you experience graphical issues. Restart is required."
+  },
   "approve": {
     "message": "Approve"
   },
@@ -2340,12 +2346,6 @@
   "loggingInOn": {
     "message": "Logging in on"
   },
-  "usDomain": {
-    "message": "bitwarden.com"
-  },
-  "euDomain": {
-    "message": "bitwarden.eu"
-  },
   "selfHostedServer": {
     "message": "self-hosted"
   },
@@ -2687,5 +2687,14 @@
   "commonImportFormats": {
     "message": "Common formats",
     "description": "Label indicating the most common import formats"
+  },
+  "troubleshooting": {
+    "message": "Troubleshooting"
+  },
+  "disableHardwareAccelerationRestart": {
+    "message": "Disable hardware acceleration and restart"
+  },
+  "enableHardwareAccelerationRestart": {
+    "message": "Enable hardware acceleration and restart"
   }
 }
diff --git a/apps/desktop/src/locales/pl/messages.json b/apps/desktop/src/locales/pl/messages.json
index 862b7484e4..60444211be 100644
--- a/apps/desktop/src/locales/pl/messages.json
+++ b/apps/desktop/src/locales/pl/messages.json
@@ -1644,6 +1644,12 @@
   "enableBrowserIntegrationFingerprintDesc": {
     "message": "Dodaj dodatkową warstwę zabezpieczeń, weryfikując unikalny identyfikator konta podczas tworzenia linku między aplikacją a przeglądarką. Funkcja ta wymaga weryfikacji identyfikatora przy każdym nawiązaniu połączenia."
   },
+  "enableHardwareAcceleration": {
+    "message": "Użyj przyśpieszenia sprzętowego"
+  },
+  "enableHardwareAccelerationDesc": {
+    "message": "Domyślnie to ustawienie jest włączone. Wyłącz tylko wtedy, gdy wystąpią problemy graficzne. Wymagane jest ponowne uruchomienie."
+  },
   "approve": {
     "message": "Zatwierdź"
   },
@@ -2340,12 +2346,6 @@
   "loggingInOn": {
     "message": "Logowanie do"
   },
-  "usDomain": {
-    "message": "bitwarden.com"
-  },
-  "euDomain": {
-    "message": "bitwarden.eu"
-  },
   "selfHostedServer": {
     "message": "samodzielnie hostowany"
   },
@@ -2687,5 +2687,14 @@
   "commonImportFormats": {
     "message": "Popularne formaty",
     "description": "Label indicating the most common import formats"
+  },
+  "troubleshooting": {
+    "message": "Rozwiązywanie problemów"
+  },
+  "disableHardwareAccelerationRestart": {
+    "message": "Wyłącz akcelerację sprzętową i uruchom ponownie"
+  },
+  "enableHardwareAccelerationRestart": {
+    "message": "Włącz akcelerację sprzętową i uruchom ponownie"
   }
 }
diff --git a/apps/desktop/src/locales/pt_BR/messages.json b/apps/desktop/src/locales/pt_BR/messages.json
index fcc0eac5db..4fb7c74889 100644
--- a/apps/desktop/src/locales/pt_BR/messages.json
+++ b/apps/desktop/src/locales/pt_BR/messages.json
@@ -1644,6 +1644,12 @@
   "enableBrowserIntegrationFingerprintDesc": {
     "message": "Ative uma camada adicional de segurança, exigindo validação de frase de impressão digital ao estabelecer uma ligação entre o computador e o navegador. Quando ativado, isto requer intervenção do usuário e verificação cada vez que uma conexão é estabelecida."
   },
+  "enableHardwareAcceleration": {
+    "message": "Use hardware acceleration"
+  },
+  "enableHardwareAccelerationDesc": {
+    "message": "By default this setting is ON. Turn OFF only if you experience graphical issues. Restart is required."
+  },
   "approve": {
     "message": "Aprovar"
   },
@@ -2340,12 +2346,6 @@
   "loggingInOn": {
     "message": "Entrando em"
   },
-  "usDomain": {
-    "message": "bitwarden.com"
-  },
-  "euDomain": {
-    "message": "bitwarden.eu"
-  },
   "selfHostedServer": {
     "message": "auto-hospedado"
   },
@@ -2687,5 +2687,14 @@
   "commonImportFormats": {
     "message": "Formatos comuns",
     "description": "Label indicating the most common import formats"
+  },
+  "troubleshooting": {
+    "message": "Troubleshooting"
+  },
+  "disableHardwareAccelerationRestart": {
+    "message": "Disable hardware acceleration and restart"
+  },
+  "enableHardwareAccelerationRestart": {
+    "message": "Enable hardware acceleration and restart"
   }
 }
diff --git a/apps/desktop/src/locales/pt_PT/messages.json b/apps/desktop/src/locales/pt_PT/messages.json
index 163fcaf43c..7c325bc5f9 100644
--- a/apps/desktop/src/locales/pt_PT/messages.json
+++ b/apps/desktop/src/locales/pt_PT/messages.json
@@ -1644,6 +1644,12 @@
   "enableBrowserIntegrationFingerprintDesc": {
     "message": "Adicione uma camada adicional de segurança, exigindo a confirmação da frase de impressão digital ao estabelecer uma ligação entre o computador e o navegador. Isto requer a ação e a verificação do utilizador sempre que é criada uma ligação."
   },
+  "enableHardwareAcceleration": {
+    "message": "Utilizar a aceleração de hardware"
+  },
+  "enableHardwareAccelerationDesc": {
+    "message": "Por predefinição, esta definição está ativada. Desative-a apenas se tiver problemas gráficos. É necessário reiniciar."
+  },
   "approve": {
     "message": "Aprovar"
   },
@@ -2340,12 +2346,6 @@
   "loggingInOn": {
     "message": "A iniciar sessão em"
   },
-  "usDomain": {
-    "message": "bitwarden.com"
-  },
-  "euDomain": {
-    "message": "bitwarden.eu"
-  },
   "selfHostedServer": {
     "message": "auto-hospedado"
   },
@@ -2687,5 +2687,14 @@
   "commonImportFormats": {
     "message": "Formatos comuns",
     "description": "Label indicating the most common import formats"
+  },
+  "troubleshooting": {
+    "message": "Resolução de problemas"
+  },
+  "disableHardwareAccelerationRestart": {
+    "message": "Desativar a aceleração de hardware e reiniciar"
+  },
+  "enableHardwareAccelerationRestart": {
+    "message": "Ativar a aceleração de hardware e reiniciar"
   }
 }
diff --git a/apps/desktop/src/locales/ro/messages.json b/apps/desktop/src/locales/ro/messages.json
index 1ac11f5849..082a4f590b 100644
--- a/apps/desktop/src/locales/ro/messages.json
+++ b/apps/desktop/src/locales/ro/messages.json
@@ -1644,6 +1644,12 @@
   "enableBrowserIntegrationFingerprintDesc": {
     "message": "Adăugați un nivel suplimentar de securitate solicitând confirmarea frazei amprentă atunci când stabiliți un link între desktop și browser. Acest lucru necesită o acțiune și o verificare din partea utilizatorului la fiecare creare a unei conexiuni."
   },
+  "enableHardwareAcceleration": {
+    "message": "Use hardware acceleration"
+  },
+  "enableHardwareAccelerationDesc": {
+    "message": "By default this setting is ON. Turn OFF only if you experience graphical issues. Restart is required."
+  },
   "approve": {
     "message": "Aprobați"
   },
@@ -2340,12 +2346,6 @@
   "loggingInOn": {
     "message": "Logging in on"
   },
-  "usDomain": {
-    "message": "bitwarden.com"
-  },
-  "euDomain": {
-    "message": "bitwarden.eu"
-  },
   "selfHostedServer": {
     "message": "self-hosted"
   },
@@ -2687,5 +2687,14 @@
   "commonImportFormats": {
     "message": "Common formats",
     "description": "Label indicating the most common import formats"
+  },
+  "troubleshooting": {
+    "message": "Troubleshooting"
+  },
+  "disableHardwareAccelerationRestart": {
+    "message": "Disable hardware acceleration and restart"
+  },
+  "enableHardwareAccelerationRestart": {
+    "message": "Enable hardware acceleration and restart"
   }
 }
diff --git a/apps/desktop/src/locales/ru/messages.json b/apps/desktop/src/locales/ru/messages.json
index 693dd44ca2..5eaad37d0f 100644
--- a/apps/desktop/src/locales/ru/messages.json
+++ b/apps/desktop/src/locales/ru/messages.json
@@ -1644,6 +1644,12 @@
   "enableBrowserIntegrationFingerprintDesc": {
     "message": "Добавьте дополнительный уровень безопасности, требуя подтверждения отпечатка фразы при установлении связи между компьютером и браузером. Это потребует действий пользователя и подтверждения при каждом создании соединения."
   },
+  "enableHardwareAcceleration": {
+    "message": "Использовать аппаратное ускорение"
+  },
+  "enableHardwareAccelerationDesc": {
+    "message": "По умолчанию этот параметр включен. Отключайте его только в том случае, если у вас возникли проблемы с графикой. Требуется перезагрузка."
+  },
   "approve": {
     "message": "Принять"
   },
@@ -2340,12 +2346,6 @@
   "loggingInOn": {
     "message": "Войти на"
   },
-  "usDomain": {
-    "message": "bitwarden.com"
-  },
-  "euDomain": {
-    "message": "bitwarden.eu"
-  },
   "selfHostedServer": {
     "message": "собственный хостинг"
   },
@@ -2687,5 +2687,14 @@
   "commonImportFormats": {
     "message": "Основные форматы",
     "description": "Label indicating the most common import formats"
+  },
+  "troubleshooting": {
+    "message": "Устранение проблем"
+  },
+  "disableHardwareAccelerationRestart": {
+    "message": "Отключить аппаратное ускорение и перезапустить"
+  },
+  "enableHardwareAccelerationRestart": {
+    "message": "Включить аппаратное ускорение и перезапустить"
   }
 }
diff --git a/apps/desktop/src/locales/si/messages.json b/apps/desktop/src/locales/si/messages.json
index a92f950445..c72b2dd0e6 100644
--- a/apps/desktop/src/locales/si/messages.json
+++ b/apps/desktop/src/locales/si/messages.json
@@ -1644,6 +1644,12 @@
   "enableBrowserIntegrationFingerprintDesc": {
     "message": "Add an additional layer of security by requiring fingerprint phrase confirmation when establishing a link between your desktop and browser. This requires user action and verification each time a connection is created."
   },
+  "enableHardwareAcceleration": {
+    "message": "Use hardware acceleration"
+  },
+  "enableHardwareAccelerationDesc": {
+    "message": "By default this setting is ON. Turn OFF only if you experience graphical issues. Restart is required."
+  },
   "approve": {
     "message": "Approve"
   },
@@ -2340,12 +2346,6 @@
   "loggingInOn": {
     "message": "Logging in on"
   },
-  "usDomain": {
-    "message": "bitwarden.com"
-  },
-  "euDomain": {
-    "message": "bitwarden.eu"
-  },
   "selfHostedServer": {
     "message": "self-hosted"
   },
@@ -2687,5 +2687,14 @@
   "commonImportFormats": {
     "message": "Common formats",
     "description": "Label indicating the most common import formats"
+  },
+  "troubleshooting": {
+    "message": "Troubleshooting"
+  },
+  "disableHardwareAccelerationRestart": {
+    "message": "Disable hardware acceleration and restart"
+  },
+  "enableHardwareAccelerationRestart": {
+    "message": "Enable hardware acceleration and restart"
   }
 }
diff --git a/apps/desktop/src/locales/sk/messages.json b/apps/desktop/src/locales/sk/messages.json
index 7d7f9d8f3c..b8777adeb1 100644
--- a/apps/desktop/src/locales/sk/messages.json
+++ b/apps/desktop/src/locales/sk/messages.json
@@ -1644,6 +1644,12 @@
   "enableBrowserIntegrationFingerprintDesc": {
     "message": "Povoliť dodatočné zabezpečenie tým, že bude potrebné overenie odtlačku pri prepájaní desktopovej aplikácie a prehliadača. Ak je toto nastavenie zapnuté, pri každom pripojení bude od používateľa požadované overenie."
   },
+  "enableHardwareAcceleration": {
+    "message": "Použiť hardvérové zrýchlenie"
+  },
+  "enableHardwareAccelerationDesc": {
+    "message": "Predvolené nastavenie je ZAPNUTÉ. Vypnite iba v prípade, že máte problémy s grafikou. Vyžaduje sa reštart."
+  },
   "approve": {
     "message": "Schváliť"
   },
@@ -2340,12 +2346,6 @@
   "loggingInOn": {
     "message": "Prihlásenie na"
   },
-  "usDomain": {
-    "message": "bitwarden.com"
-  },
-  "euDomain": {
-    "message": "bitwarden.eu"
-  },
   "selfHostedServer": {
     "message": "vlastný hosting"
   },
@@ -2687,5 +2687,14 @@
   "commonImportFormats": {
     "message": "Bežné formáty",
     "description": "Label indicating the most common import formats"
+  },
+  "troubleshooting": {
+    "message": "Riešenie problémov"
+  },
+  "disableHardwareAccelerationRestart": {
+    "message": "Zakázať hardvérové zrýchlenie a reštartovať"
+  },
+  "enableHardwareAccelerationRestart": {
+    "message": "Povoliť hardvérové zrýchlenie a reštartovať"
   }
 }
diff --git a/apps/desktop/src/locales/sl/messages.json b/apps/desktop/src/locales/sl/messages.json
index 366a61195f..fac763dec9 100644
--- a/apps/desktop/src/locales/sl/messages.json
+++ b/apps/desktop/src/locales/sl/messages.json
@@ -1644,6 +1644,12 @@
   "enableBrowserIntegrationFingerprintDesc": {
     "message": "Add an additional layer of security by requiring fingerprint phrase confirmation when establishing a link between your desktop and browser. This requires user action and verification each time a connection is created."
   },
+  "enableHardwareAcceleration": {
+    "message": "Use hardware acceleration"
+  },
+  "enableHardwareAccelerationDesc": {
+    "message": "By default this setting is ON. Turn OFF only if you experience graphical issues. Restart is required."
+  },
   "approve": {
     "message": "Odobri"
   },
@@ -2340,12 +2346,6 @@
   "loggingInOn": {
     "message": "Logging in on"
   },
-  "usDomain": {
-    "message": "bitwarden.com"
-  },
-  "euDomain": {
-    "message": "bitwarden.eu"
-  },
   "selfHostedServer": {
     "message": "self-hosted"
   },
@@ -2687,5 +2687,14 @@
   "commonImportFormats": {
     "message": "Common formats",
     "description": "Label indicating the most common import formats"
+  },
+  "troubleshooting": {
+    "message": "Troubleshooting"
+  },
+  "disableHardwareAccelerationRestart": {
+    "message": "Disable hardware acceleration and restart"
+  },
+  "enableHardwareAccelerationRestart": {
+    "message": "Enable hardware acceleration and restart"
   }
 }
diff --git a/apps/desktop/src/locales/sr/messages.json b/apps/desktop/src/locales/sr/messages.json
index dd709ddc6b..73469b26b4 100644
--- a/apps/desktop/src/locales/sr/messages.json
+++ b/apps/desktop/src/locales/sr/messages.json
@@ -1644,6 +1644,12 @@
   "enableBrowserIntegrationFingerprintDesc": {
     "message": "Омогућите додатни ниво заштите захтевајући проверу фразе отиска прста приликом успостављања везе између desktop-а и прегледача. Када је омогућено, ово захтева интервенцију и верификацију корисника сваки пут када се успостави веза."
   },
+  "enableHardwareAcceleration": {
+    "message": "Користи хардверско убрзање"
+  },
+  "enableHardwareAccelerationDesc": {
+    "message": "Подразумевано је ово подешавање УКЉУЧЕНО. ИСКЉУЧИТЕ само ако имате графичких проблема. Потребно је поновно покретање."
+  },
   "approve": {
     "message": "Одобри"
   },
@@ -2340,12 +2346,6 @@
   "loggingInOn": {
     "message": "Пријављено на"
   },
-  "usDomain": {
-    "message": "bitwarden.com"
-  },
-  "euDomain": {
-    "message": "bitwarden.eu"
-  },
   "selfHostedServer": {
     "message": "личан хостинг"
   },
@@ -2687,5 +2687,14 @@
   "commonImportFormats": {
     "message": "Уобичајени формати",
     "description": "Label indicating the most common import formats"
+  },
+  "troubleshooting": {
+    "message": "Решавање проблема"
+  },
+  "disableHardwareAccelerationRestart": {
+    "message": "Онемогућите хардверско убрзање и поново покрените"
+  },
+  "enableHardwareAccelerationRestart": {
+    "message": "Омогућите хардверско убрзање и поново покрените"
   }
 }
diff --git a/apps/desktop/src/locales/sv/messages.json b/apps/desktop/src/locales/sv/messages.json
index 5f0c7a95fc..c4c70123ac 100644
--- a/apps/desktop/src/locales/sv/messages.json
+++ b/apps/desktop/src/locales/sv/messages.json
@@ -561,7 +561,7 @@
     "message": "Ditt nya konto har skapats! Du kan nu logga in."
   },
   "youSuccessfullyLoggedIn": {
-    "message": "You successfully logged in"
+    "message": "Du är nu inloggad"
   },
   "youMayCloseThisWindow": {
     "message": "Du kan stänga detta fönster"
@@ -1087,7 +1087,7 @@
     "message": "1 GB krypterad lagring."
   },
   "premiumSignUpTwoStepOptions": {
-    "message": "Proprietary two-step login options such as YubiKey and Duo."
+    "message": "Premium-alternativ för tvåstegsverifiering, såsom YubiKey och Duo."
   },
   "premiumSignUpReports": {
     "message": "Lösenordshygien, kontohälsa och dataintrångsrapporter för att skydda ditt valv."
@@ -1505,7 +1505,7 @@
     "message": "Återautentisering krävs för att komma åt ditt valv igen."
   },
   "unlockMethodNeededToChangeTimeoutActionDesc": {
-    "message": "Set up an unlock method to change your vault timeout action."
+    "message": "Ställ in ett upplåsningsalternativ för att ändra vad som händer när tidsgränsen uppnås."
   },
   "lock": {
     "message": "Lås",
@@ -1546,11 +1546,11 @@
     "message": "Ange huvudlösenord"
   },
   "orgPermissionsUpdatedMustSetPassword": {
-    "message": "Your organization permissions were updated, requiring you to set a master password.",
+    "message": "Din organisations behörigheter uppdaterades, vilket kräver att du anger ett huvudlösenord.",
     "description": "Used as a card title description on the set password page to explain why the user is there"
   },
   "orgRequiresYouToSetPassword": {
-    "message": "Your organization requires you to set a master password.",
+    "message": "Din organisation kräver att du anger ett huvudlösenord.",
     "description": "Used as a card title description on the set password page to explain why the user is there"
   },
   "verificationRequired": {
@@ -1644,6 +1644,12 @@
   "enableBrowserIntegrationFingerprintDesc": {
     "message": "Aktivera ett ytterligare säkerhetslager genom att kräva validering av fingeravtrycksfrasen när du upprättar en länk mellan skrivbordet och webbläsaren. När det här är aktiverat krävs ingripande och verifiering från användaren varje gång en anslutning etableras."
   },
+  "enableHardwareAcceleration": {
+    "message": "Use hardware acceleration"
+  },
+  "enableHardwareAccelerationDesc": {
+    "message": "By default this setting is ON. Turn OFF only if you experience graphical issues. Restart is required."
+  },
   "approve": {
     "message": "Godkänn"
   },
@@ -1880,7 +1886,7 @@
     "message": "Ditt huvudlösenord ändrades nyligen av en administratör i din organisation. För att få tillgång till valvet måste du uppdatera det nu. Om du fortsätter kommer du att loggas ut från din nuvarande session, vilket kräver att du loggar in igen. Aktiva sessioner på andra enheter kan komma att vara aktiva i upp till en timme."
   },
   "updateWeakMasterPasswordWarning": {
-    "message": "Your master password does not meet one or more of your organization policies. In order to access the vault, you must update your master password now. Proceeding will log you out of your current session, requiring you to log back in. Active sessions on other devices may continue to remain active for up to one hour."
+    "message": "Ditt huvudlösenord följer inte ett eller flera av din organisations regler. För att komma åt ditt valv så måste du ändra ditt huvudlösenord nu. Om du gör det kommer du att loggas du ut ur din nuvarande session så du måste logga in på nytt. Aktiva sessioner på andra enheter kommer fortsatt vara aktiva i upp till en timme."
   },
   "tryAgain": {
     "message": "Försök igen"
@@ -1895,10 +1901,10 @@
     "message": "Verifiera med biometri"
   },
   "awaitingConfirmation": {
-    "message": "Awaiting confirmation"
+    "message": "Väntar på bekräftelse"
   },
   "couldNotCompleteBiometrics": {
-    "message": "Could not complete biometrics."
+    "message": "Det gick inte att slutföra biometri."
   },
   "needADifferentMethod": {
     "message": "Behöver du en annan metod?"
@@ -1913,7 +1919,7 @@
     "message": "Använd biometri"
   },
   "enterVerificationCodeSentToEmail": {
-    "message": "Enter the verification code that was sent to your email."
+    "message": "Ange verifieringskoden som skickades till din e-postadress."
   },
   "resendCode": {
     "message": "Skicka kod igen"
@@ -2319,10 +2325,10 @@
     "message": "Uncheck if using a public device"
   },
   "approveFromYourOtherDevice": {
-    "message": "Approve from your other device"
+    "message": "Godkänn från din andra enhet"
   },
   "requestAdminApproval": {
-    "message": "Request admin approval"
+    "message": "Be om godkännande från administratör"
   },
   "approveWithMasterPassword": {
     "message": "Godkänn med huvudlösenord"
@@ -2331,7 +2337,7 @@
     "message": "Region"
   },
   "ssoIdentifierRequired": {
-    "message": "Organization SSO identifier is required."
+    "message": "Organisationens SSO-identifierare krävs."
   },
   "eu": {
     "message": "EU",
@@ -2340,44 +2346,38 @@
   "loggingInOn": {
     "message": "Logga in på"
   },
-  "usDomain": {
-    "message": "bitwarden.com"
-  },
-  "euDomain": {
-    "message": "bitwarden.eu"
-  },
   "selfHostedServer": {
-    "message": "self-hosted"
+    "message": "självhostad"
   },
   "accessDenied": {
     "message": "Access denied. You do not have permission to view this page."
   },
   "accountSuccessfullyCreated": {
-    "message": "Account successfully created!"
+    "message": "Ditt konto har skapats!"
   },
   "adminApprovalRequested": {
-    "message": "Admin approval requested"
+    "message": "Godkännande från administratör har begärts"
   },
   "adminApprovalRequestSentToAdmins": {
-    "message": "Your request has been sent to your admin."
+    "message": "Din begäran har skickats till din administratör."
   },
   "youWillBeNotifiedOnceApproved": {
     "message": "Du kommer att meddelas vid godkännande."
   },
   "troubleLoggingIn": {
-    "message": "Trouble logging in?"
+    "message": "Problem med att logga in?"
   },
   "loginApproved": {
-    "message": "Login approved"
+    "message": "Inloggning godkänd"
   },
   "userEmailMissing": {
-    "message": "User email missing"
+    "message": "Användarens e-postadress saknas"
   },
   "deviceTrusted": {
-    "message": "Device trusted"
+    "message": "Enhet betrodd"
   },
   "inputRequired": {
-    "message": "Input is required."
+    "message": "Inmatning är obligatoriskt."
   },
   "required": {
     "message": "obligatoriskt"
@@ -2477,41 +2477,41 @@
     "message": "Undermeny"
   },
   "skipToContent": {
-    "message": "Skip to content"
+    "message": "Hoppa till innehåll"
   },
   "typePasskey": {
-    "message": "Passkey"
+    "message": "Nyckel"
   },
   "passkeyNotCopied": {
-    "message": "Passkey will not be copied"
+    "message": "Nyckeln kommer inte att kopieras"
   },
   "passkeyNotCopiedAlert": {
-    "message": "The passkey will not be copied to the cloned item. Do you want to continue cloning this item?"
+    "message": "Nyckeln kommer inte att kopieras till det klonade objektet. Vill du klona det här objektet?"
   },
   "aliasDomain": {
     "message": "Aliasdomän"
   },
   "importData": {
-    "message": "Import data",
+    "message": "Importera data",
     "description": "Used for the desktop menu item and the header of the import dialog"
   },
   "importError": {
-    "message": "Import error"
+    "message": "Fel vid import"
   },
   "importErrorDesc": {
-    "message": "There was a problem with the data you tried to import. Please resolve the errors listed below in your source file and try again."
+    "message": "Det uppstod ett problem med den data du försökte importera. Åtgärda de fel som anges nedan i din källfil och försök igen."
   },
   "resolveTheErrorsBelowAndTryAgain": {
-    "message": "Resolve the errors below and try again."
+    "message": "Åtgärda felen nedan och försök igen."
   },
   "description": {
     "message": "Beskrivning"
   },
   "importSuccess": {
-    "message": "Data successfully imported"
+    "message": "Data har importerats till ditt valv"
   },
   "importSuccessNumberOfItems": {
-    "message": "A total of $AMOUNT$ items were imported.",
+    "message": "Sammanlagt $AMOUNT$ objekt importerades.",
     "placeholders": {
       "amount": {
         "content": "$1",
@@ -2520,10 +2520,10 @@
     }
   },
   "total": {
-    "message": "Total"
+    "message": "Totalt"
   },
   "importWarning": {
-    "message": "You are importing data to $ORGANIZATION$. Your data may be shared with members of this organization. Do you want to proceed?",
+    "message": "Du importerar data till $ORGANIZATION$. Din data kan komma att delas med medlemmar i den här organisationen. Vill du fortsätta?",
     "placeholders": {
       "organization": {
         "content": "$1",
@@ -2532,31 +2532,31 @@
     }
   },
   "launchDuoAndFollowStepsToFinishLoggingIn": {
-    "message": "Launch Duo and follow the steps to finish logging in."
+    "message": "Starta Duo och följ stegen för att slutföra inloggningen."
   },
   "duoRequiredByOrgForAccount": {
-    "message": "Duo two-step login is required for your account."
+    "message": "Duo tvåstegsverifiering krävs för ditt konto."
   },
   "launchDuo": {
-    "message": "Launch Duo in Browser"
+    "message": "Starta Duo i webbläsaren"
   },
   "importFormatError": {
-    "message": "Data is not formatted correctly. Please check your import file and try again."
+    "message": "Datan är inte korrekt formaterad. Vänligen kontrollera din importerade fil och försök igen."
   },
   "importNothingError": {
-    "message": "Nothing was imported."
+    "message": "Ingenting har importerats."
   },
   "importEncKeyError": {
-    "message": "Error decrypting the exported file. Your encryption key does not match the encryption key used export the data."
+    "message": "Ett fel uppstod vid dekryptering av den exporterade filen. Din krypteringsnyckel matchar inte krypteringsnyckeln som användes för att exportera datan."
   },
   "invalidFilePassword": {
-    "message": "Invalid file password, please use the password you entered when you created the export file."
+    "message": "Ogiltigt fillösenord, använd lösenordet du angav när du skapade exportfilen."
   },
   "importDestination": {
     "message": "Importdestination"
   },
   "learnAboutImportOptions": {
-    "message": "Learn about your import options"
+    "message": "Läs mer om dina importalternativ"
   },
   "selectImportFolder": {
     "message": "Välj en mapp"
@@ -2575,13 +2575,13 @@
     }
   },
   "importUnassignedItemsError": {
-    "message": "File contains unassigned items."
+    "message": "Filen innehåller otilldelade objekt."
   },
   "selectFormat": {
-    "message": "Select the format of the import file"
+    "message": "Välj importfilens format"
   },
   "selectImportFile": {
-    "message": "Select the import file"
+    "message": "Välj importfilen"
   },
   "chooseFile": {
     "message": "Välj fil"
@@ -2590,10 +2590,10 @@
     "message": "Ingen fil vald"
   },
   "orCopyPasteFileContents": {
-    "message": "or copy/paste the import file contents"
+    "message": "eller kopiera och klistra in innehållet från filen"
   },
   "instructionsFor": {
-    "message": "$NAME$ Instructions",
+    "message": "Instruktioner för $NAME$",
     "description": "The title for the import tool instructions.",
     "placeholders": {
       "name": {
@@ -2603,19 +2603,19 @@
     }
   },
   "confirmVaultImport": {
-    "message": "Confirm vault import"
+    "message": "Bekräfta importering av valv"
   },
   "confirmVaultImportDesc": {
-    "message": "This file is password-protected. Please enter the file password to import data."
+    "message": "Den här filen är lösenordsskyddad. Ange lösenordet för att importera data."
   },
   "confirmFilePassword": {
-    "message": "Confirm file password"
+    "message": "Bekräfta fillösenord"
   },
   "multifactorAuthenticationCancelled": {
     "message": "Multifactor authentication cancelled"
   },
   "noLastPassDataFound": {
-    "message": "No LastPass data found"
+    "message": "Ingen LastPass-data hittades"
   },
   "incorrectUsernameOrPassword": {
     "message": "Felaktigt användarnamn eller lösenord"
@@ -2636,7 +2636,7 @@
     "message": "Inkludera delade mappar"
   },
   "lastPassEmail": {
-    "message": "LastPass Email"
+    "message": "LastPass E-post"
   },
   "importingYourAccount": {
     "message": "Importerar ditt konto..."
@@ -2651,19 +2651,19 @@
     "message": "Approve the login request in your authentication app or enter a one-time passcode."
   },
   "passcode": {
-    "message": "Passcode"
+    "message": "Kod"
   },
   "lastPassMasterPassword": {
-    "message": "LastPass master password"
+    "message": "LastPass Huvudlösenord"
   },
   "lastPassAuthRequired": {
-    "message": "LastPass authentication required"
+    "message": "LastPass autentisering krävs"
   },
   "awaitingSSO": {
-    "message": "Awaiting SSO authentication"
+    "message": "Väntar på SSO-autentisering"
   },
   "awaitingSSODesc": {
-    "message": "Please continue to log in using your company credentials."
+    "message": "Fortsätt att logga in med dina företagsuppgifter."
   },
   "seeDetailedInstructions": {
     "message": "Se detaljerade instruktioner på vår hjälpsida på",
@@ -2676,16 +2676,25 @@
     "message": "Importera från CSV"
   },
   "lastPassTryAgainCheckEmail": {
-    "message": "Try again or look for an email from LastPass to verify it's you."
+    "message": "Försök igen eller leta efter ett mail från LastPass för att verifiera att det är du."
   },
   "collection": {
     "message": "Samling"
   },
   "lastPassYubikeyDesc": {
-    "message": "Insert the YubiKey associated with your LastPass account into your computer's USB port, then touch its button."
+    "message": "Sätt in YubiKey som associeras med ditt LastPass-konto i din dators USB-port, tryck sedan på knappen."
   },
   "commonImportFormats": {
-    "message": "Common formats",
+    "message": "Vanliga format",
     "description": "Label indicating the most common import formats"
+  },
+  "troubleshooting": {
+    "message": "Troubleshooting"
+  },
+  "disableHardwareAccelerationRestart": {
+    "message": "Disable hardware acceleration and restart"
+  },
+  "enableHardwareAccelerationRestart": {
+    "message": "Enable hardware acceleration and restart"
   }
 }
diff --git a/apps/desktop/src/locales/te/messages.json b/apps/desktop/src/locales/te/messages.json
index 2d0a4ebbf8..11694b8c9c 100644
--- a/apps/desktop/src/locales/te/messages.json
+++ b/apps/desktop/src/locales/te/messages.json
@@ -1644,6 +1644,12 @@
   "enableBrowserIntegrationFingerprintDesc": {
     "message": "Add an additional layer of security by requiring fingerprint phrase confirmation when establishing a link between your desktop and browser. This requires user action and verification each time a connection is created."
   },
+  "enableHardwareAcceleration": {
+    "message": "Use hardware acceleration"
+  },
+  "enableHardwareAccelerationDesc": {
+    "message": "By default this setting is ON. Turn OFF only if you experience graphical issues. Restart is required."
+  },
   "approve": {
     "message": "Approve"
   },
@@ -2340,12 +2346,6 @@
   "loggingInOn": {
     "message": "Logging in on"
   },
-  "usDomain": {
-    "message": "bitwarden.com"
-  },
-  "euDomain": {
-    "message": "bitwarden.eu"
-  },
   "selfHostedServer": {
     "message": "self-hosted"
   },
@@ -2687,5 +2687,14 @@
   "commonImportFormats": {
     "message": "Common formats",
     "description": "Label indicating the most common import formats"
+  },
+  "troubleshooting": {
+    "message": "Troubleshooting"
+  },
+  "disableHardwareAccelerationRestart": {
+    "message": "Disable hardware acceleration and restart"
+  },
+  "enableHardwareAccelerationRestart": {
+    "message": "Enable hardware acceleration and restart"
   }
 }
diff --git a/apps/desktop/src/locales/th/messages.json b/apps/desktop/src/locales/th/messages.json
index f4c735535b..a664696d5b 100644
--- a/apps/desktop/src/locales/th/messages.json
+++ b/apps/desktop/src/locales/th/messages.json
@@ -1644,6 +1644,12 @@
   "enableBrowserIntegrationFingerprintDesc": {
     "message": "Add an additional layer of security by requiring fingerprint phrase confirmation when establishing a link between your desktop and browser. This requires user action and verification each time a connection is created."
   },
+  "enableHardwareAcceleration": {
+    "message": "Use hardware acceleration"
+  },
+  "enableHardwareAccelerationDesc": {
+    "message": "By default this setting is ON. Turn OFF only if you experience graphical issues. Restart is required."
+  },
   "approve": {
     "message": "อนุมัติ"
   },
@@ -2340,12 +2346,6 @@
   "loggingInOn": {
     "message": "Logging in on"
   },
-  "usDomain": {
-    "message": "bitwarden.com"
-  },
-  "euDomain": {
-    "message": "bitwarden.eu"
-  },
   "selfHostedServer": {
     "message": "self-hosted"
   },
@@ -2687,5 +2687,14 @@
   "commonImportFormats": {
     "message": "Common formats",
     "description": "Label indicating the most common import formats"
+  },
+  "troubleshooting": {
+    "message": "Troubleshooting"
+  },
+  "disableHardwareAccelerationRestart": {
+    "message": "Disable hardware acceleration and restart"
+  },
+  "enableHardwareAccelerationRestart": {
+    "message": "Enable hardware acceleration and restart"
   }
 }
diff --git a/apps/desktop/src/locales/tr/messages.json b/apps/desktop/src/locales/tr/messages.json
index 3064ea7fbc..ae3f217aa6 100644
--- a/apps/desktop/src/locales/tr/messages.json
+++ b/apps/desktop/src/locales/tr/messages.json
@@ -1644,6 +1644,12 @@
   "enableBrowserIntegrationFingerprintDesc": {
     "message": "Masaüstü uygulamanızla tarayıcınız arasında bağlantı kurulurken parmak izi ifadesi doğrulamasını zorunlu kılarak ek bir güvenlik önlemi alabilirsiniz. Bu ayarı açarsanız her bağlantı kurulduğunda tekrar doğrulama yapmanız gerekir."
   },
+  "enableHardwareAcceleration": {
+    "message": "Donanım hızlandırması kullan"
+  },
+  "enableHardwareAccelerationDesc": {
+    "message": "Varsayılan olarak bu ayar AÇIK'tır. Yalnızca grafiksel sorunlarla karşılaşırsanız KAPATIN. Yeniden başlatma gerekli."
+  },
   "approve": {
     "message": "Onayla"
   },
@@ -2340,12 +2346,6 @@
   "loggingInOn": {
     "message": "Giriş yapılan konum"
   },
-  "usDomain": {
-    "message": "bitwarden.com"
-  },
-  "euDomain": {
-    "message": "bitwarden.eu"
-  },
   "selfHostedServer": {
     "message": "şirket içinde barındırılan"
   },
@@ -2687,5 +2687,14 @@
   "commonImportFormats": {
     "message": "Common formats",
     "description": "Label indicating the most common import formats"
+  },
+  "troubleshooting": {
+    "message": "Sorun giderme"
+  },
+  "disableHardwareAccelerationRestart": {
+    "message": "Donanım hızlandırmayı devre dışı bırakın ve yeniden başlatın"
+  },
+  "enableHardwareAccelerationRestart": {
+    "message": "Donanım hızlandırmayı etkinleştirin ve yeniden başlatın"
   }
 }
diff --git a/apps/desktop/src/locales/uk/messages.json b/apps/desktop/src/locales/uk/messages.json
index 3fae3fbc16..cc5273b1bd 100644
--- a/apps/desktop/src/locales/uk/messages.json
+++ b/apps/desktop/src/locales/uk/messages.json
@@ -1644,6 +1644,12 @@
   "enableBrowserIntegrationFingerprintDesc": {
     "message": "Додайте ще один рівень безпеки, вимагаючи підтвердження фрази відбитка під час встановлення зв'язку між програмою на комп'ютері та браузером. Вимагатиметься дія користувача і перевірка щоразу під час встановлення зв'язку."
   },
+  "enableHardwareAcceleration": {
+    "message": "Використовувати апаратне прискорення"
+  },
+  "enableHardwareAccelerationDesc": {
+    "message": "Типово, цей параметр увімкнено. Вимкніть його лише за виникнення проблем із графікою. Потрібен перезапуск."
+  },
   "approve": {
     "message": "Схвалити"
   },
@@ -2340,12 +2346,6 @@
   "loggingInOn": {
     "message": "Увійти на"
   },
-  "usDomain": {
-    "message": "bitwarden.com"
-  },
-  "euDomain": {
-    "message": "bitwarden.eu"
-  },
   "selfHostedServer": {
     "message": "власне розміщення"
   },
@@ -2687,5 +2687,14 @@
   "commonImportFormats": {
     "message": "Поширені формати",
     "description": "Label indicating the most common import formats"
+  },
+  "troubleshooting": {
+    "message": "Усунення проблем"
+  },
+  "disableHardwareAccelerationRestart": {
+    "message": "Вимкнути апаратне прискорення і перезапустити"
+  },
+  "enableHardwareAccelerationRestart": {
+    "message": "Увімкнути апаратне прискорення і перезапустити"
   }
 }
diff --git a/apps/desktop/src/locales/vi/messages.json b/apps/desktop/src/locales/vi/messages.json
index a3cb1efac6..f81cb2778d 100644
--- a/apps/desktop/src/locales/vi/messages.json
+++ b/apps/desktop/src/locales/vi/messages.json
@@ -1644,6 +1644,12 @@
   "enableBrowserIntegrationFingerprintDesc": {
     "message": "Add an additional layer of security by requiring fingerprint phrase confirmation when establishing a link between your desktop and browser. This requires user action and verification each time a connection is created."
   },
+  "enableHardwareAcceleration": {
+    "message": "Use hardware acceleration"
+  },
+  "enableHardwareAccelerationDesc": {
+    "message": "By default this setting is ON. Turn OFF only if you experience graphical issues. Restart is required."
+  },
   "approve": {
     "message": "Chấp nhận"
   },
@@ -2340,12 +2346,6 @@
   "loggingInOn": {
     "message": "Logging in on"
   },
-  "usDomain": {
-    "message": "bitwarden.com"
-  },
-  "euDomain": {
-    "message": "bitwarden.eu"
-  },
   "selfHostedServer": {
     "message": "self-hosted"
   },
@@ -2687,5 +2687,14 @@
   "commonImportFormats": {
     "message": "Common formats",
     "description": "Label indicating the most common import formats"
+  },
+  "troubleshooting": {
+    "message": "Troubleshooting"
+  },
+  "disableHardwareAccelerationRestart": {
+    "message": "Disable hardware acceleration and restart"
+  },
+  "enableHardwareAccelerationRestart": {
+    "message": "Enable hardware acceleration and restart"
   }
 }
diff --git a/apps/desktop/src/locales/zh_CN/messages.json b/apps/desktop/src/locales/zh_CN/messages.json
index 0433407590..617e8dd934 100644
--- a/apps/desktop/src/locales/zh_CN/messages.json
+++ b/apps/desktop/src/locales/zh_CN/messages.json
@@ -1644,6 +1644,12 @@
   "enableBrowserIntegrationFingerprintDesc": {
     "message": "在您的桌面与浏览器间建立连接时，通过要求指纹短语确认，来增加一个额外的安全层。每次建立连接都需要用户操作和验证。"
   },
+  "enableHardwareAcceleration": {
+    "message": "使用硬件加速"
+  },
+  "enableHardwareAccelerationDesc": {
+    "message": "此设置默认为开启。仅当您遇到图形问题时才关闭。需要重启。"
+  },
   "approve": {
     "message": "批准"
   },
@@ -2340,12 +2346,6 @@
   "loggingInOn": {
     "message": "登录到"
   },
-  "usDomain": {
-    "message": "bitwarden.com"
-  },
-  "euDomain": {
-    "message": "bitwarden.eu"
-  },
   "selfHostedServer": {
     "message": "自托管"
   },
@@ -2685,7 +2685,16 @@
     "message": "将与您的 LastPass 账户关联的 YubiKey 插入计算机的 USB 端口，然后触摸其按钮。"
   },
   "commonImportFormats": {
-    "message": "通用格式",
+    "message": "常规格式",
     "description": "Label indicating the most common import formats"
+  },
+  "troubleshooting": {
+    "message": "故障排除"
+  },
+  "disableHardwareAccelerationRestart": {
+    "message": "禁用硬件加速并重启"
+  },
+  "enableHardwareAccelerationRestart": {
+    "message": "启用硬件加速并重启"
   }
 }
diff --git a/apps/desktop/src/locales/zh_TW/messages.json b/apps/desktop/src/locales/zh_TW/messages.json
index 5a17e8f7de..1659344550 100644
--- a/apps/desktop/src/locales/zh_TW/messages.json
+++ b/apps/desktop/src/locales/zh_TW/messages.json
@@ -1644,6 +1644,12 @@
   "enableBrowserIntegrationFingerprintDesc": {
     "message": "在您的桌面和瀏覽器閒建立連綫時，透過要求指紋短語確認，以添加一個額外的安全層。每次建立連綫都需要使用者干預和驗證。"
   },
+  "enableHardwareAcceleration": {
+    "message": "Use hardware acceleration"
+  },
+  "enableHardwareAccelerationDesc": {
+    "message": "By default this setting is ON. Turn OFF only if you experience graphical issues. Restart is required."
+  },
   "approve": {
     "message": "核准"
   },
@@ -2340,12 +2346,6 @@
   "loggingInOn": {
     "message": "正登入到"
   },
-  "usDomain": {
-    "message": "bitwarden.com"
-  },
-  "euDomain": {
-    "message": "bitwarden.eu"
-  },
   "selfHostedServer": {
     "message": "自建"
   },
@@ -2687,5 +2687,14 @@
   "commonImportFormats": {
     "message": "Common formats",
     "description": "Label indicating the most common import formats"
+  },
+  "troubleshooting": {
+    "message": "Troubleshooting"
+  },
+  "disableHardwareAccelerationRestart": {
+    "message": "Disable hardware acceleration and restart"
+  },
+  "enableHardwareAccelerationRestart": {
+    "message": "Enable hardware acceleration and restart"
   }
 }
diff --git a/apps/desktop/src/main.ts b/apps/desktop/src/main.ts
index 0b92fab894..67f08839c5 100644
--- a/apps/desktop/src/main.ts
+++ b/apps/desktop/src/main.ts
@@ -1,15 +1,20 @@
 import * as path from "path";
 
 import { app } from "electron";
+import { firstValueFrom } from "rxjs";
 
 import { TokenService as TokenServiceAbstraction } from "@bitwarden/common/auth/abstractions/token.service";
 import { AccountServiceImplementation } from "@bitwarden/common/auth/services/account.service";
 import { TokenService } from "@bitwarden/common/auth/services/token.service";
+import { EncryptService } from "@bitwarden/common/platform/abstractions/encrypt.service";
+import { KeyGenerationService as KeyGenerationServiceAbstraction } from "@bitwarden/common/platform/abstractions/key-generation.service";
 import { StateService } from "@bitwarden/common/platform/abstractions/state.service";
 import { DefaultBiometricStateService } from "@bitwarden/common/platform/biometrics/biometric-state.service";
 import { StateFactory } from "@bitwarden/common/platform/factories/state-factory";
 import { GlobalState } from "@bitwarden/common/platform/models/domain/global-state";
-import { EnvironmentService } from "@bitwarden/common/platform/services/environment.service";
+import { EncryptServiceImplementation } from "@bitwarden/common/platform/services/cryptography/encrypt.service.implementation";
+import { DefaultEnvironmentService } from "@bitwarden/common/platform/services/default-environment.service";
+import { KeyGenerationService } from "@bitwarden/common/platform/services/key-generation.service";
 import { MemoryStorageService } from "@bitwarden/common/platform/services/memory-storage.service";
 import { MigrationBuilderService } from "@bitwarden/common/platform/services/migration-builder.service";
 import { MigrationRunner } from "@bitwarden/common/platform/services/migration-runner";
@@ -25,6 +30,7 @@ import { StateEventRegistrarService } from "@bitwarden/common/platform/state/sta
 import { MemoryStorageService as MemoryStorageServiceForStateProviders } from "@bitwarden/common/platform/state/storage/memory-storage.service";
 /* eslint-enable import/no-restricted-paths */
 
+import { DesktopAutofillSettingsService } from "./autofill/services/desktop-autofill-settings.service";
 import { MenuMain } from "./main/menu/menu.main";
 import { MessagingMain } from "./main/messaging.main";
 import { NativeMessagingMain } from "./main/native-messaging.main";
@@ -37,12 +43,15 @@ import { BiometricsService, BiometricsServiceAbstraction } from "./platform/main
 import { ClipboardMain } from "./platform/main/clipboard.main";
 import { DesktopCredentialStorageListener } from "./platform/main/desktop-credential-storage-listener";
 import { MainCryptoFunctionService } from "./platform/main/main-crypto-function.service";
+import { DesktopSettingsService } from "./platform/services/desktop-settings.service";
 import { ElectronLogMainService } from "./platform/services/electron-log.main.service";
 import { ELECTRON_SUPPORTS_SECURE_STORAGE } from "./platform/services/electron-platform-utils.service";
 import { ElectronStateService } from "./platform/services/electron-state.service";
 import { ElectronStorageService } from "./platform/services/electron-storage.service";
 import { I18nMainService } from "./platform/services/i18n.main.service";
+import { IllegalSecureStorageService } from "./platform/services/illegal-secure-storage.service";
 import { ElectronMainMessagingService } from "./services/electron-main-messaging.service";
+import { isMacAppStore } from "./utils";
 
 export class Main {
   logService: ElectronLogMainService;
@@ -52,11 +61,14 @@ export class Main {
   memoryStorageForStateProviders: MemoryStorageServiceForStateProviders;
   messagingService: ElectronMainMessagingService;
   stateService: StateService;
-  environmentService: EnvironmentService;
+  environmentService: DefaultEnvironmentService;
   mainCryptoFunctionService: MainCryptoFunctionService;
   desktopCredentialStorageListener: DesktopCredentialStorageListener;
+  desktopSettingsService: DesktopSettingsService;
   migrationRunner: MigrationRunner;
   tokenService: TokenServiceAbstraction;
+  keyGenerationService: KeyGenerationServiceAbstraction;
+  encryptService: EncryptService;
 
   windowMain: WindowMain;
   messagingMain: MessagingMain;
@@ -67,6 +79,7 @@ export class Main {
   biometricsService: BiometricsServiceAbstraction;
   nativeMessagingMain: NativeMessagingMain;
   clipboardMain: ClipboardMain;
+  desktopAutofillSettingsService: DesktopAutofillSettingsService;
 
   constructor() {
     // Set paths for portable builds
@@ -145,13 +158,30 @@ export class Main {
       new DefaultDerivedStateProvider(this.memoryStorageForStateProviders),
     );
 
-    this.environmentService = new EnvironmentService(stateProvider, accountService);
+    this.environmentService = new DefaultEnvironmentService(stateProvider, accountService);
+
+    this.mainCryptoFunctionService = new MainCryptoFunctionService();
+    this.mainCryptoFunctionService.init();
+
+    this.keyGenerationService = new KeyGenerationService(this.mainCryptoFunctionService);
+
+    this.encryptService = new EncryptServiceImplementation(
+      this.mainCryptoFunctionService,
+      this.logService,
+      true, // log mac failures
+    );
+
+    // Note: secure storage service is not available and should not be called in the main background process.
+    const illegalSecureStorageService = new IllegalSecureStorageService();
 
     this.tokenService = new TokenService(
       singleUserStateProvider,
       globalStateProvider,
       ELECTRON_SUPPORTS_SECURE_STORAGE,
-      this.storageService,
+      illegalSecureStorageService,
+      this.keyGenerationService,
+      this.encryptService,
+      this.logService,
     );
 
     this.migrationRunner = new MigrationRunner(
@@ -176,6 +206,8 @@ export class Main {
       false, // Do not use disk caching because this will get out of sync with the renderer service
     );
 
+    this.desktopSettingsService = new DesktopSettingsService(stateProvider);
+
     const biometricStateService = new DefaultBiometricStateService(stateProvider);
 
     this.windowMain = new WindowMain(
@@ -183,12 +215,13 @@ export class Main {
       biometricStateService,
       this.logService,
       this.storageService,
+      this.desktopSettingsService,
       (arg) => this.processDeepLink(arg),
       (win) => this.trayMain.setupWindowListeners(win),
     );
-    this.messagingMain = new MessagingMain(this, this.stateService);
+    this.messagingMain = new MessagingMain(this, this.stateService, this.desktopSettingsService);
     this.updaterMain = new UpdaterMain(this.i18nService, this.windowMain);
-    this.trayMain = new TrayMain(this.windowMain, this.i18nService, this.stateService);
+    this.trayMain = new TrayMain(this.windowMain, this.i18nService, this.desktopSettingsService);
 
     this.messagingService = new ElectronMainMessagingService(this.windowMain, (message) => {
       this.messagingMain.onMessage(message);
@@ -201,6 +234,7 @@ export class Main {
       this.environmentService,
       this.windowMain,
       this.updaterMain,
+      this.desktopSettingsService,
     );
 
     this.biometricsService = new BiometricsService(
@@ -225,11 +259,10 @@ export class Main {
       app.getPath("exe"),
     );
 
+    this.desktopAutofillSettingsService = new DesktopAutofillSettingsService(stateProvider);
+
     this.clipboardMain = new ClipboardMain();
     this.clipboardMain.init();
-
-    this.mainCryptoFunctionService = new MainCryptoFunctionService();
-    this.mainCryptoFunctionService.init();
   }
 
   bootstrap() {
@@ -237,9 +270,10 @@ export class Main {
     // Run migrations first, then other things
     this.migrationRunner.run().then(
       async () => {
+        await this.toggleHardwareAcceleration();
         await this.windowMain.init();
         await this.i18nService.init();
-        this.messagingMain.init();
+        await this.messagingMain.init();
         // FIXME: Verify that this floating promise is intentional. If it is, add an explanatory comment and ensure there is proper error handling.
         // eslint-disable-next-line @typescript-eslint/no-floating-promises
         this.menuMain.init();
@@ -251,20 +285,18 @@ export class Main {
             click: () => this.messagingService.send("lockVault"),
           },
         ]);
-        if (await this.stateService.getEnableStartToTray()) {
-          // FIXME: Verify that this floating promise is intentional. If it is, add an explanatory comment and ensure there is proper error handling.
-          // eslint-disable-next-line @typescript-eslint/no-floating-promises
-          this.trayMain.hideToTray();
+        if (await firstValueFrom(this.desktopSettingsService.startToTray$)) {
+          await this.trayMain.hideToTray();
         }
         this.powerMonitorMain.init();
         await this.updaterMain.init();
 
         if (
           (await this.stateService.getEnableBrowserIntegration()) ||
-          (await this.stateService.getEnableDuckDuckGoBrowserIntegration())
+          (await firstValueFrom(
+            this.desktopAutofillSettingsService.enableDuckDuckGoBrowserIntegration$,
+          ))
         ) {
-          // FIXME: Verify that this floating promise is intentional. If it is, add an explanatory comment and ensure there is proper error handling.
-          // eslint-disable-next-line @typescript-eslint/no-floating-promises
           this.nativeMessagingMain.listen();
         }
 
@@ -307,4 +339,28 @@ export class Main {
         this.messagingService.send("deepLink", { urlString: s });
       });
   }
+
+  private async toggleHardwareAcceleration(): Promise<void> {
+    const hardwareAcceleration = await firstValueFrom(
+      this.desktopSettingsService.hardwareAcceleration$,
+    );
+
+    if (!hardwareAcceleration) {
+      this.logService.warning("Hardware acceleration is disabled");
+      app.disableHardwareAcceleration();
+    } else if (isMacAppStore()) {
+      // We disable hardware acceleration on Mac App Store builds for iMacs with amd switchable GPUs due to:
+      // https://github.com/electron/electron/issues/41346
+      const gpuInfo: any = await app.getGPUInfo("basic");
+      const badGpu = gpuInfo?.auxAttributes?.amdSwitchable ?? false;
+      const isImac = gpuInfo?.machineModelName == "iMac";
+
+      if (isImac && badGpu) {
+        this.logService.warning(
+          "Bad GPU detected, hardware acceleration is disabled for compatibility",
+        );
+        app.disableHardwareAcceleration();
+      }
+    }
+  }
 }
diff --git a/apps/desktop/src/main/menu/menu.help.ts b/apps/desktop/src/main/menu/menu.help.ts
index 133c90a6af..7cc0fc2681 100644
--- a/apps/desktop/src/main/menu/menu.help.ts
+++ b/apps/desktop/src/main/menu/menu.help.ts
@@ -1,7 +1,8 @@
-import { shell, MenuItemConstructorOptions } from "electron";
+import { shell, MenuItemConstructorOptions, app } from "electron";
 
 import { I18nService } from "@bitwarden/common/platform/abstractions/i18n.service";
 
+import { DesktopSettingsService } from "../../platform/services/desktop-settings.service";
 import { isMacAppStore, isWindowsStore } from "../../utils";
 
 import { AboutMenu } from "./menu.about";
@@ -26,23 +27,23 @@ export class HelpMenu implements IMenubarMenu {
       this.separator,
       this.getMobileApp,
       this.getBrowserExtension,
+      this.separator,
+      this.troubleshooting,
     ];
 
-    if (this._aboutMenu != null) {
-      items.push(...this._aboutMenu.items);
+    if (this.aboutMenu != null) {
+      items.push(...this.aboutMenu.items);
     }
     return items;
   }
 
-  private readonly _i18nService: I18nService;
-  private readonly _webVaultUrl: string;
-  private readonly _aboutMenu: AboutMenu;
-
-  constructor(i18nService: I18nService, webVaultUrl: string, aboutMenu: AboutMenu) {
-    this._i18nService = i18nService;
-    this._webVaultUrl = webVaultUrl;
-    this._aboutMenu = aboutMenu;
-  }
+  constructor(
+    private i18nService: I18nService,
+    private desktopSettingsService: DesktopSettingsService,
+    private webVaultUrl: string,
+    private hardwareAccelerationEnabled: boolean,
+    private aboutMenu: AboutMenu,
+  ) {}
 
   private get helpAndFeedback(): MenuItemConstructorOptions {
     return {
@@ -130,7 +131,7 @@ export class HelpMenu implements IMenubarMenu {
     return {
       id: "goToWebVault",
       label: this.localize("goToWebVault"),
-      click: () => shell.openExternal(this._webVaultUrl),
+      click: () => shell.openExternal(this.webVaultUrl),
     };
   }
 
@@ -148,25 +149,19 @@ export class HelpMenu implements IMenubarMenu {
       {
         id: "iOS",
         label: "iOS",
-        click: () => {
-          // FIXME: Verify that this floating promise is intentional. If it is, add an explanatory comment and ensure there is proper error handling.
-          // eslint-disable-next-line @typescript-eslint/no-floating-promises
+        click: () =>
           shell.openExternal(
             "https://itunes.apple.com/app/" + "bitwarden-free-password-manager/id1137397744?mt=8",
-          );
-        },
+          ),
       },
       {
         id: "android",
         label: "Android",
         visible: !isMacAppStore(), // Apple Guideline 2.3.10 - Accurate Metadata
-        click: () => {
-          // FIXME: Verify that this floating promise is intentional. If it is, add an explanatory comment and ensure there is proper error handling.
-          // eslint-disable-next-line @typescript-eslint/no-floating-promises
+        click: () =>
           shell.openExternal(
             "https://play.google.com/store/apps/" + "details?id=com.x8bit.bitwarden",
-          );
-        },
+          ),
       },
     ];
   }
@@ -185,62 +180,78 @@ export class HelpMenu implements IMenubarMenu {
       {
         id: "chrome",
         label: "Chrome",
-        click: () => {
-          // FIXME: Verify that this floating promise is intentional. If it is, add an explanatory comment and ensure there is proper error handling.
-          // eslint-disable-next-line @typescript-eslint/no-floating-promises
+        click: () =>
           shell.openExternal(
             "https://chromewebstore.google.com/detail/" +
               "bitwarden-free-password-m/nngceckbapebfimnlniiiahkandclblb",
-          );
-        },
+          ),
       },
       {
         id: "firefox",
         label: "Firefox",
-        click: () => {
-          // FIXME: Verify that this floating promise is intentional. If it is, add an explanatory comment and ensure there is proper error handling.
-          // eslint-disable-next-line @typescript-eslint/no-floating-promises
+        click: () =>
           shell.openExternal(
             "https://addons.mozilla.org/firefox/addon/" + "bitwarden-password-manager/",
-          );
-        },
+          ),
       },
       {
         id: "firefox",
         label: "Opera",
-        click: () => {
-          // FIXME: Verify that this floating promise is intentional. If it is, add an explanatory comment and ensure there is proper error handling.
-          // eslint-disable-next-line @typescript-eslint/no-floating-promises
+        click: () =>
           shell.openExternal(
             "https://addons.opera.com/extensions/details/" + "bitwarden-free-password-manager/",
-          );
-        },
+          ),
       },
       {
         id: "firefox",
         label: "Edge",
-        click: () => {
-          // FIXME: Verify that this floating promise is intentional. If it is, add an explanatory comment and ensure there is proper error handling.
-          // eslint-disable-next-line @typescript-eslint/no-floating-promises
+        click: () =>
           shell.openExternal(
             "https://microsoftedge.microsoft.com/addons/" +
               "detail/jbkfoedolllekgbhcbcoahefnbanhhlh",
-          );
-        },
+          ),
       },
       {
         id: "safari",
         label: "Safari",
-        click: () => {
-          // FIXME: Verify that this floating promise is intentional. If it is, add an explanatory comment and ensure there is proper error handling.
-          // eslint-disable-next-line @typescript-eslint/no-floating-promises
-          shell.openExternal("https://bitwarden.com/download/");
+        click: () => shell.openExternal("https://bitwarden.com/download/"),
+      },
+    ];
+  }
+
+  private get troubleshooting(): MenuItemConstructorOptions {
+    return {
+      id: "troubleshooting",
+      label: this.localize("troubleshooting"),
+      submenu: this.troubleshootingSubmenu,
+    };
+  }
+
+  private get troubleshootingSubmenu(): MenuItemConstructorOptions[] {
+    return [
+      {
+        id: "hardwareAcceleration",
+        label: this.localize(
+          this.hardwareAccelerationEnabled
+            ? "disableHardwareAccelerationRestart"
+            : "enableHardwareAccelerationRestart",
+        ),
+        click: async () => {
+          await this.desktopSettingsService.setHardwareAcceleration(
+            !this.hardwareAccelerationEnabled,
+          );
+          // `app.relaunch` crashes the app on Mac Store builds. Disabling it for now.
+          // https://github.com/electron/electron/issues/41690
+          if (!isMacAppStore()) {
+            app.relaunch();
+          }
+          app.exit();
         },
       },
     ];
   }
 
   private localize(s: string) {
-    return this._i18nService.t(s);
+    return this.i18nService.t(s);
   }
 }
diff --git a/apps/desktop/src/main/menu/menu.main.ts b/apps/desktop/src/main/menu/menu.main.ts
index 413583982f..9a63d389b5 100644
--- a/apps/desktop/src/main/menu/menu.main.ts
+++ b/apps/desktop/src/main/menu/menu.main.ts
@@ -1,9 +1,11 @@
 import { app, Menu } from "electron";
+import { firstValueFrom } from "rxjs";
 
 import { EnvironmentService } from "@bitwarden/common/platform/abstractions/environment.service";
 import { I18nService } from "@bitwarden/common/platform/abstractions/i18n.service";
 import { MessagingService } from "@bitwarden/common/platform/abstractions/messaging.service";
 
+import { DesktopSettingsService } from "../../platform/services/desktop-settings.service";
 import { UpdaterMain } from "../updater.main";
 import { WindowMain } from "../window.main";
 
@@ -19,6 +21,7 @@ export class MenuMain {
     private environmentService: EnvironmentService,
     private windowMain: WindowMain,
     private updaterMain: UpdaterMain,
+    private desktopSettingsService: DesktopSettingsService,
   ) {}
 
   async init() {
@@ -35,17 +38,20 @@ export class MenuMain {
       new Menubar(
         this.i18nService,
         this.messagingService,
+        this.desktopSettingsService,
         this.updaterMain,
         this.windowMain,
         await this.getWebVaultUrl(),
         app.getVersion(),
+        await firstValueFrom(this.desktopSettingsService.hardwareAcceleration$),
         updateRequest,
       ).menu,
     );
   }
 
   private async getWebVaultUrl() {
-    return this.environmentService.getWebVaultUrl() ?? cloudWebVaultUrl;
+    const env = await firstValueFrom(this.environmentService.environment$);
+    return env.getWebVaultUrl() ?? cloudWebVaultUrl;
   }
 
   private initContextMenu() {
diff --git a/apps/desktop/src/main/menu/menubar.ts b/apps/desktop/src/main/menu/menubar.ts
index da55ed951c..eb1dacf825 100644
--- a/apps/desktop/src/main/menu/menubar.ts
+++ b/apps/desktop/src/main/menu/menubar.ts
@@ -3,6 +3,7 @@ import { Menu, MenuItemConstructorOptions } from "electron";
 import { I18nService } from "@bitwarden/common/platform/abstractions/i18n.service";
 import { MessagingService } from "@bitwarden/common/platform/abstractions/messaging.service";
 
+import { DesktopSettingsService } from "../../platform/services/desktop-settings.service";
 import { isMac } from "../../utils";
 import { UpdaterMain } from "../updater.main";
 import { WindowMain } from "../window.main";
@@ -47,10 +48,12 @@ export class Menubar {
   constructor(
     i18nService: I18nService,
     messagingService: MessagingService,
+    desktopSettingsService: DesktopSettingsService,
     updaterMain: UpdaterMain,
     windowMain: WindowMain,
     webVaultUrl: string,
     appVersion: string,
+    hardwareAccelerationEnabled: boolean,
     updateRequest?: MenuUpdateRequest,
   ) {
     let isLocked = true;
@@ -89,7 +92,9 @@ export class Menubar {
       new WindowMenu(i18nService, messagingService, windowMain),
       new HelpMenu(
         i18nService,
+        desktopSettingsService,
         webVaultUrl,
+        hardwareAccelerationEnabled,
         new AboutMenu(i18nService, appVersion, windowMain.win, updaterMain),
       ),
     ];
diff --git a/apps/desktop/src/main/messaging.main.ts b/apps/desktop/src/main/messaging.main.ts
index 44184e6f84..256d551560 100644
--- a/apps/desktop/src/main/messaging.main.ts
+++ b/apps/desktop/src/main/messaging.main.ts
@@ -6,6 +6,7 @@ import { app, ipcMain } from "electron";
 import { StateService } from "@bitwarden/common/platform/abstractions/state.service";
 
 import { Main } from "../main";
+import { DesktopSettingsService } from "../platform/services/desktop-settings.service";
 
 import { MenuUpdateRequest } from "./menu/menu.updater";
 
@@ -17,19 +18,16 @@ export class MessagingMain {
   constructor(
     private main: Main,
     private stateService: StateService,
+    private desktopSettingsService: DesktopSettingsService,
   ) {}
 
-  init() {
+  async init() {
     this.scheduleNextSync();
     if (process.platform === "linux") {
-      // FIXME: Verify that this floating promise is intentional. If it is, add an explanatory comment and ensure there is proper error handling.
-      // eslint-disable-next-line @typescript-eslint/no-floating-promises
-      this.stateService.setOpenAtLogin(fs.existsSync(this.linuxStartupFile()));
+      await this.desktopSettingsService.setOpenAtLogin(fs.existsSync(this.linuxStartupFile()));
     } else {
       const loginSettings = app.getLoginItemSettings();
-      // FIXME: Verify that this floating promise is intentional. If it is, add an explanatory comment and ensure there is proper error handling.
-      // eslint-disable-next-line @typescript-eslint/no-floating-promises
-      this.stateService.setOpenAtLogin(loginSettings.openAtLogin);
+      await this.desktopSettingsService.setOpenAtLogin(loginSettings.openAtLogin);
     }
     ipcMain.on("messagingService", async (event: any, message: any) => this.onMessage(message));
   }
@@ -79,14 +77,10 @@ export class MessagingMain {
         break;
       case "enableBrowserIntegration":
         this.main.nativeMessagingMain.generateManifests();
-        // FIXME: Verify that this floating promise is intentional. If it is, add an explanatory comment and ensure there is proper error handling.
-        // eslint-disable-next-line @typescript-eslint/no-floating-promises
         this.main.nativeMessagingMain.listen();
         break;
       case "enableDuckDuckGoBrowserIntegration":
         this.main.nativeMessagingMain.generateDdgManifests();
-        // FIXME: Verify that this floating promise is intentional. If it is, add an explanatory comment and ensure there is proper error handling.
-        // eslint-disable-next-line @typescript-eslint/no-floating-promises
         this.main.nativeMessagingMain.listen();
         break;
       case "disableBrowserIntegration":
diff --git a/apps/desktop/src/main/native-messaging.main.ts b/apps/desktop/src/main/native-messaging.main.ts
index 77a0b31314..05e987e20b 100644
--- a/apps/desktop/src/main/native-messaging.main.ts
+++ b/apps/desktop/src/main/native-messaging.main.ts
@@ -24,7 +24,7 @@ export class NativeMessagingMain {
     private exePath: string,
   ) {}
 
-  async listen() {
+  listen() {
     ipc.config.id = "bitwarden";
     ipc.config.retry = 1500;
     const ipcSocketRoot = getIpcSocketRoot();
diff --git a/apps/desktop/src/main/tray.main.ts b/apps/desktop/src/main/tray.main.ts
index 3f8ad4eedf..948c48f519 100644
--- a/apps/desktop/src/main/tray.main.ts
+++ b/apps/desktop/src/main/tray.main.ts
@@ -1,9 +1,11 @@
 import * as path from "path";
 
 import { app, BrowserWindow, Menu, MenuItemConstructorOptions, nativeImage, Tray } from "electron";
+import { firstValueFrom } from "rxjs";
 
 import { I18nService } from "@bitwarden/common/platform/abstractions/i18n.service";
-import { StateService } from "@bitwarden/common/platform/abstractions/state.service";
+
+import { DesktopSettingsService } from "../platform/services/desktop-settings.service";
 
 import { WindowMain } from "./window.main";
 
@@ -18,7 +20,7 @@ export class TrayMain {
   constructor(
     private windowMain: WindowMain,
     private i18nService: I18nService,
-    private stateService: StateService,
+    private desktopSettingsService: DesktopSettingsService,
   ) {
     if (process.platform === "win32") {
       this.icon = path.join(__dirname, "/images/icon.ico");
@@ -54,14 +56,14 @@ export class TrayMain {
     }
 
     this.contextMenu = Menu.buildFromTemplate(menuItemOptions);
-    if (await this.stateService.getEnableTray()) {
+    if (await firstValueFrom(this.desktopSettingsService.trayEnabled$)) {
       this.showTray();
     }
   }
 
   setupWindowListeners(win: BrowserWindow) {
     win.on("minimize", async (e: Event) => {
-      if (await this.stateService.getEnableMinimizeToTray()) {
+      if (await firstValueFrom(this.desktopSettingsService.minimizeToTray$)) {
         e.preventDefault();
         // FIXME: Verify that this floating promise is intentional. If it is, add an explanatory comment and ensure there is proper error handling.
         // eslint-disable-next-line @typescript-eslint/no-floating-promises
@@ -70,7 +72,7 @@ export class TrayMain {
     });
 
     win.on("close", async (e: Event) => {
-      if (await this.stateService.getEnableCloseToTray()) {
+      if (await firstValueFrom(this.desktopSettingsService.closeToTray$)) {
         if (!this.windowMain.isQuitting) {
           e.preventDefault();
           // FIXME: Verify that this floating promise is intentional. If it is, add an explanatory comment and ensure there is proper error handling.
@@ -81,7 +83,7 @@ export class TrayMain {
     });
 
     win.on("show", async () => {
-      const enableTray = await this.stateService.getEnableTray();
+      const enableTray = await firstValueFrom(this.desktopSettingsService.trayEnabled$);
       if (!enableTray) {
         setTimeout(() => this.removeTray(false), 100);
       }
@@ -106,7 +108,7 @@ export class TrayMain {
     if (this.windowMain.win != null) {
       this.windowMain.win.hide();
     }
-    if (this.isDarwin() && !(await this.stateService.getAlwaysShowDock())) {
+    if (this.isDarwin() && !(await firstValueFrom(this.desktopSettingsService.alwaysShowDock$))) {
       this.hideDock();
     }
   }
@@ -176,7 +178,7 @@ export class TrayMain {
     }
     if (this.windowMain.win.isVisible()) {
       this.windowMain.win.hide();
-      if (this.isDarwin() && !(await this.stateService.getAlwaysShowDock())) {
+      if (this.isDarwin() && !(await firstValueFrom(this.desktopSettingsService.alwaysShowDock$))) {
         this.hideDock();
       }
     } else {
diff --git a/apps/desktop/src/main/window.main.ts b/apps/desktop/src/main/window.main.ts
index cdce2a692c..64b4bc48d2 100644
--- a/apps/desktop/src/main/window.main.ts
+++ b/apps/desktop/src/main/window.main.ts
@@ -3,13 +3,15 @@ import * as path from "path";
 import * as url from "url";
 
 import { app, BrowserWindow, ipcMain, nativeTheme, screen, session } from "electron";
+import { firstValueFrom } from "rxjs";
 
-import { WindowState } from "@bitwarden/common/models/domain/window-state";
 import { LogService } from "@bitwarden/common/platform/abstractions/log.service";
 import { StateService } from "@bitwarden/common/platform/abstractions/state.service";
 import { AbstractStorageService } from "@bitwarden/common/platform/abstractions/storage.service";
 import { BiometricStateService } from "@bitwarden/common/platform/biometrics/biometric-state.service";
 
+import { WindowState } from "../platform/models/domain/window-state";
+import { DesktopSettingsService } from "../platform/services/desktop-settings.service";
 import {
   cleanUserAgent,
   isDev,
@@ -40,6 +42,7 @@ export class WindowMain {
     private biometricStateService: BiometricStateService,
     private logService: LogService,
     private storageService: AbstractStorageService,
+    private desktopSettingsService: DesktopSettingsService,
     private argvCallback: (argv: string[]) => void = null,
     private createWindowCallback: (win: BrowserWindow) => void,
   ) {}
@@ -94,7 +97,7 @@ export class WindowMain {
         // down the application.
         app.on("before-quit", async () => {
           // Allow biometric to auto-prompt on reload
-          await this.biometricStateService.resetPromptCancelled();
+          await this.biometricStateService.resetAllPromptCancelled();
           this.isQuitting = true;
         });
 
@@ -121,7 +124,7 @@ export class WindowMain {
         app.on("activate", async () => {
           // On OS X it's common to re-create a window in the app when the
           // dock icon is clicked and there are no other windows open.
-          if (this.win === null) {
+          if (this.win == null) {
             await this.createWindow();
           } else {
             // Show the window when clicking on Dock icon
@@ -141,7 +144,7 @@ export class WindowMain {
       this.defaultWidth,
       this.defaultHeight,
     );
-    this.enableAlwaysOnTop = await this.stateService.getEnableAlwaysOnTop();
+    this.enableAlwaysOnTop = await firstValueFrom(this.desktopSettingsService.alwaysOnTop$);
 
     this.session = session.fromPartition("persist:bitwarden", { cache: false });
 
@@ -265,7 +268,7 @@ export class WindowMain {
   async toggleAlwaysOnTop() {
     this.enableAlwaysOnTop = !this.win.isAlwaysOnTop();
     this.win.setAlwaysOnTop(this.enableAlwaysOnTop);
-    await this.stateService.setEnableAlwaysOnTop(this.enableAlwaysOnTop);
+    await this.desktopSettingsService.setAlwaysOnTop(this.enableAlwaysOnTop);
   }
 
   private windowStateChangeHandler(configKey: string, win: BrowserWindow) {
@@ -284,7 +287,7 @@ export class WindowMain {
       const bounds = win.getBounds();
 
       if (this.windowStates[configKey] == null) {
-        this.windowStates[configKey] = await this.stateService.getWindow();
+        this.windowStates[configKey] = await firstValueFrom(this.desktopSettingsService.window$);
         if (this.windowStates[configKey] == null) {
           this.windowStates[configKey] = <WindowState>{};
         }
@@ -304,14 +307,14 @@ export class WindowMain {
         this.windowStates[configKey].zoomFactor = win.webContents.zoomFactor;
       }
 
-      await this.stateService.setWindow(this.windowStates[configKey]);
+      await this.desktopSettingsService.setWindow(this.windowStates[configKey]);
     } catch (e) {
       this.logService.error(e);
     }
   }
 
   private async getWindowState(defaultWidth: number, defaultHeight: number) {
-    const state = await this.stateService.getWindow();
+    const state = await firstValueFrom(this.desktopSettingsService.window$);
 
     const isValid = state != null && (this.stateHasBounds(state) || state.isMaximized);
     let displayBounds: Electron.Rectangle = null;
diff --git a/apps/desktop/src/package-lock.json b/apps/desktop/src/package-lock.json
index 2862977ca2..b379e13d57 100644
--- a/apps/desktop/src/package-lock.json
+++ b/apps/desktop/src/package-lock.json
@@ -1,12 +1,12 @@
 {
   "name": "@bitwarden/desktop",
-  "version": "2024.3.1",
+  "version": "2024.3.2",
   "lockfileVersion": 3,
   "requires": true,
   "packages": {
     "": {
       "name": "@bitwarden/desktop",
-      "version": "2024.3.1",
+      "version": "2024.3.2",
       "license": "GPL-3.0",
       "dependencies": {
         "@bitwarden/desktop-native": "file:../desktop_native"
diff --git a/apps/desktop/src/package.json b/apps/desktop/src/package.json
index 4c748c4a05..cfc0b9b4e2 100644
--- a/apps/desktop/src/package.json
+++ b/apps/desktop/src/package.json
@@ -2,7 +2,7 @@
   "name": "@bitwarden/desktop",
   "productName": "Bitwarden",
   "description": "A secure and free password manager for all of your devices.",
-  "version": "2024.3.1",
+  "version": "2024.3.2",
   "author": "Bitwarden Inc. <hello@bitwarden.com> (https://bitwarden.com)",
   "homepage": "https://bitwarden.com",
   "license": "GPL-3.0",
diff --git a/apps/desktop/src/platform/main/biometric/biometrics.service.abstraction.ts b/apps/desktop/src/platform/main/biometric/biometrics.service.abstraction.ts
index 2d5c1d19eb..fb7ce048b5 100644
--- a/apps/desktop/src/platform/main/biometric/biometrics.service.abstraction.ts
+++ b/apps/desktop/src/platform/main/biometric/biometrics.service.abstraction.ts
@@ -1,6 +1,6 @@
 export abstract class BiometricsServiceAbstraction {
-  osSupportsBiometric: () => Promise<boolean>;
-  canAuthBiometric: ({
+  abstract osSupportsBiometric(): Promise<boolean>;
+  abstract canAuthBiometric({
     service,
     key,
     userId,
@@ -8,11 +8,11 @@ export abstract class BiometricsServiceAbstraction {
     service: string;
     key: string;
     userId: string;
-  }) => Promise<boolean>;
-  authenticateBiometric: () => Promise<boolean>;
-  getBiometricKey: (service: string, key: string) => Promise<string | null>;
-  setBiometricKey: (service: string, key: string, value: string) => Promise<void>;
-  setEncryptionKeyHalf: ({
+  }): Promise<boolean>;
+  abstract authenticateBiometric(): Promise<boolean>;
+  abstract getBiometricKey(service: string, key: string): Promise<string | null>;
+  abstract setBiometricKey(service: string, key: string, value: string): Promise<void>;
+  abstract setEncryptionKeyHalf({
     service,
     key,
     value,
@@ -20,23 +20,23 @@ export abstract class BiometricsServiceAbstraction {
     service: string;
     key: string;
     value: string;
-  }) => void;
-  deleteBiometricKey: (service: string, key: string) => Promise<void>;
+  }): void;
+  abstract deleteBiometricKey(service: string, key: string): Promise<void>;
 }
 
 export interface OsBiometricService {
-  osSupportsBiometric: () => Promise<boolean>;
-  authenticateBiometric: () => Promise<boolean>;
-  getBiometricKey: (
+  osSupportsBiometric(): Promise<boolean>;
+  authenticateBiometric(): Promise<boolean>;
+  getBiometricKey(
     service: string,
     key: string,
     clientKeyHalfB64: string | undefined,
-  ) => Promise<string | null>;
-  setBiometricKey: (
+  ): Promise<string | null>;
+  setBiometricKey(
     service: string,
     key: string,
     value: string,
     clientKeyHalfB64: string | undefined,
-  ) => Promise<void>;
-  deleteBiometricKey: (service: string, key: string) => Promise<void>;
+  ): Promise<void>;
+  deleteBiometricKey(service: string, key: string): Promise<void>;
 }
diff --git a/libs/common/src/models/domain/window-state.ts b/apps/desktop/src/platform/models/domain/window-state.ts
similarity index 89%
rename from libs/common/src/models/domain/window-state.ts
rename to apps/desktop/src/platform/models/domain/window-state.ts
index 5bd8e86eff..aba1cdb470 100644
--- a/libs/common/src/models/domain/window-state.ts
+++ b/apps/desktop/src/platform/models/domain/window-state.ts
@@ -4,7 +4,7 @@ export class WindowState {
   isMaximized?: boolean;
   // TODO: displayBounds is an Electron.Rectangle.
   // We need to establish some kind of client-specific global state, similar to the way we already extend a base Account.
-  displayBounds: any;
+  displayBounds: Electron.Rectangle;
   x?: number;
   y?: number;
   zoomFactor?: number;
diff --git a/apps/desktop/src/platform/services/desktop-settings.service.ts b/apps/desktop/src/platform/services/desktop-settings.service.ts
new file mode 100644
index 0000000000..d967e5fb1d
--- /dev/null
+++ b/apps/desktop/src/platform/services/desktop-settings.service.ts
@@ -0,0 +1,180 @@
+import { Observable, map } from "rxjs";
+
+import {
+  DESKTOP_SETTINGS_DISK,
+  KeyDefinition,
+  StateProvider,
+} from "@bitwarden/common/platform/state";
+
+import { WindowState } from "../models/domain/window-state";
+
+export const HARDWARE_ACCELERATION = new KeyDefinition<boolean>(
+  DESKTOP_SETTINGS_DISK,
+  "hardwareAcceleration",
+  {
+    deserializer: (v: boolean) => v,
+  },
+);
+
+const WINDOW_KEY = new KeyDefinition<WindowState | null>(DESKTOP_SETTINGS_DISK, "window", {
+  deserializer: (s) => s,
+});
+
+const CLOSE_TO_TRAY_KEY = new KeyDefinition<boolean>(DESKTOP_SETTINGS_DISK, "closeToTray", {
+  deserializer: (b) => b,
+});
+
+const MINIMIZE_TO_TRAY_KEY = new KeyDefinition<boolean>(DESKTOP_SETTINGS_DISK, "minimizeToTray", {
+  deserializer: (b) => b,
+});
+
+const START_TO_TRAY_KEY = new KeyDefinition<boolean>(DESKTOP_SETTINGS_DISK, "startToTray", {
+  deserializer: (b) => b,
+});
+
+const TRAY_ENABLED_KEY = new KeyDefinition<boolean>(DESKTOP_SETTINGS_DISK, "trayEnabled", {
+  deserializer: (b) => b,
+});
+
+const OPEN_AT_LOGIN_KEY = new KeyDefinition<boolean>(DESKTOP_SETTINGS_DISK, "openAtLogin", {
+  deserializer: (b) => b,
+});
+
+const ALWAYS_SHOW_DOCK_KEY = new KeyDefinition<boolean>(DESKTOP_SETTINGS_DISK, "alwaysShowDock", {
+  deserializer: (b) => b,
+});
+
+const ALWAYS_ON_TOP_KEY = new KeyDefinition<boolean>(DESKTOP_SETTINGS_DISK, "alwaysOnTop", {
+  deserializer: (b) => b,
+});
+
+/**
+ * Various settings for controlling application behavior specific to the desktop client.
+ */
+export class DesktopSettingsService {
+  private hwState = this.stateProvider.getGlobal(HARDWARE_ACCELERATION);
+  hardwareAcceleration$ = this.hwState.state$.pipe(map((v) => v ?? true));
+
+  private readonly windowState = this.stateProvider.getGlobal(WINDOW_KEY);
+
+  private readonly closeToTrayState = this.stateProvider.getGlobal(CLOSE_TO_TRAY_KEY);
+  /**
+   * Tha applications setting for whether or not to close the application into the system tray.
+   */
+  closeToTray$ = this.closeToTrayState.state$.pipe(map((value) => value ?? false));
+
+  private readonly minimizeToTrayState = this.stateProvider.getGlobal(MINIMIZE_TO_TRAY_KEY);
+  /**
+   * The application setting for whether or not to minimize the applicaiton into the system tray.
+   */
+  minimizeToTray$ = this.minimizeToTrayState.state$.pipe(map((value) => value ?? false));
+
+  private readonly startToTrayState = this.stateProvider.getGlobal(START_TO_TRAY_KEY);
+  /**
+   * The application setting for whether or not to start the application into the system tray.
+   */
+  startToTray$ = this.startToTrayState.state$.pipe(map((value) => value ?? false));
+
+  private readonly trayEnabledState = this.stateProvider.getGlobal(TRAY_ENABLED_KEY);
+  /**
+   * Whether or not the system tray has been enabled.
+   */
+  trayEnabled$ = this.trayEnabledState.state$.pipe(map((value) => value ?? false));
+
+  private readonly openAtLoginState = this.stateProvider.getGlobal(OPEN_AT_LOGIN_KEY);
+  /**
+   * The application setting for whether or not the application should open at system login.
+   */
+  openAtLogin$ = this.openAtLoginState.state$.pipe(map((value) => value ?? false));
+
+  private readonly alwaysShowDockState = this.stateProvider.getGlobal(ALWAYS_SHOW_DOCK_KEY);
+  /**
+   * The application setting for whether or not the application should show up in the dock.
+   */
+  alwaysShowDock$ = this.alwaysShowDockState.state$.pipe(map((value) => value ?? false));
+
+  private readonly alwaysOnTopState = this.stateProvider.getGlobal(ALWAYS_ON_TOP_KEY);
+
+  alwaysOnTop$ = this.alwaysOnTopState.state$.pipe(map((value) => value ?? false));
+
+  constructor(private stateProvider: StateProvider) {
+    this.window$ = this.windowState.state$.pipe(
+      map((window) =>
+        window != null && Object.keys(window).length > 0 ? window : new WindowState(),
+      ),
+    );
+  }
+
+  async setHardwareAcceleration(enabled: boolean) {
+    await this.hwState.update(() => enabled);
+  }
+
+  /**
+   * The applications current window state.
+   */
+  window$: Observable<WindowState>;
+
+  /**
+   * Updates the window state of the application so that the application can reopen in the same place as it was closed from.
+   * @param windowState The window state to set.
+   */
+  async setWindow(windowState: WindowState) {
+    await this.windowState.update(() => windowState);
+  }
+
+  /**
+   * Sets the setting for whether or not the application should go into the system tray when closed.
+   * @param value `true` if the application should go into the system tray when closed, `false` if it should not.
+   */
+  async setCloseToTray(value: boolean) {
+    await this.closeToTrayState.update(() => value);
+  }
+
+  /**
+   * Sets the setting for whether or not the application should go into the tray when minimized.
+   * @param value `true` if the application should minimize into the system tray, `false` if it should not.
+   */
+  async setMinimizeToTray(value: boolean) {
+    await this.minimizeToTrayState.update(() => value);
+  }
+
+  /**
+   * Sets the setting for whether or not the application should be started into the system tray.
+   * @param value `true` if the application should be started to the tray`, `false` if it should not.
+   */
+  async setStartToTray(value: boolean) {
+    await this.startToTrayState.update(() => value);
+  }
+
+  /**
+   * Sets the setting for whether or not the application be shown in the system tray.
+   * @param value `true` if the application should show in the tray, `false` if it should not.
+   */
+  async setTrayEnabled(value: boolean) {
+    await this.trayEnabledState.update(() => value);
+  }
+
+  /**
+   * Sets the setting for whether or not the application should open at login of the computer.
+   * @param value `true` if the application should open at login, `false` if it should not.
+   */
+  async setOpenAtLogin(value: boolean) {
+    await this.openAtLoginState.update(() => value);
+  }
+
+  /**
+   * Sets the setting for whether or not the application should be shown in the dock.
+   * @param value `true` if the application should should in the dock, `false` if it should not.
+   */
+  async setAlwaysShowDock(value: boolean) {
+    await this.alwaysShowDockState.update(() => value);
+  }
+
+  /**
+   * Sets the setting for whether or not the application should stay on top of all other windows.
+   * @param value `true` if the application should stay on top, `false` if it should not.
+   */
+  async setAlwaysOnTop(value: boolean) {
+    await this.alwaysOnTopState.update(() => value);
+  }
+}
diff --git a/apps/desktop/src/platform/services/electron-state.service.ts b/apps/desktop/src/platform/services/electron-state.service.ts
index f4399221d2..33c97f48af 100644
--- a/apps/desktop/src/platform/services/electron-state.service.ts
+++ b/apps/desktop/src/platform/services/electron-state.service.ts
@@ -1,47 +1,12 @@
-import { Utils } from "@bitwarden/common/platform/misc/utils";
 import { GlobalState } from "@bitwarden/common/platform/models/domain/global-state";
-import { StorageOptions } from "@bitwarden/common/platform/models/domain/storage-options";
-import { SymmetricCryptoKey } from "@bitwarden/common/platform/models/domain/symmetric-crypto-key";
 import { StateService as BaseStateService } from "@bitwarden/common/platform/services/state.service";
-import { DeviceKey } from "@bitwarden/common/types/key";
 
 import { Account } from "../../models/account";
 
 export class ElectronStateService extends BaseStateService<GlobalState, Account> {
-  private partialKeys = {
-    deviceKey: "_deviceKey",
-  };
-
   async addAccount(account: Account) {
     // Apply desktop overides to default account values
     account = new Account(account);
     await super.addAccount(account);
   }
-
-  override async getDeviceKey(options?: StorageOptions): Promise<DeviceKey | null> {
-    options = this.reconcileOptions(options, await this.defaultSecureStorageOptions());
-    if (options?.userId == null) {
-      return;
-    }
-
-    const b64DeviceKey = await this.secureStorageService.get<string>(
-      `${options.userId}${this.partialKeys.deviceKey}`,
-      options,
-    );
-
-    if (b64DeviceKey == null) {
-      return null;
-    }
-
-    return new SymmetricCryptoKey(Utils.fromB64ToArray(b64DeviceKey)) as DeviceKey;
-  }
-
-  override async setDeviceKey(value: DeviceKey, options?: StorageOptions): Promise<void> {
-    options = this.reconcileOptions(options, await this.defaultSecureStorageOptions());
-    if (options?.userId == null) {
-      return;
-    }
-
-    await this.saveSecureStorageKey(this.partialKeys.deviceKey, value.keyB64, options);
-  }
 }
diff --git a/apps/desktop/src/platform/services/i18n.main.service.ts b/apps/desktop/src/platform/services/i18n.main.service.ts
index edf79eccf0..bb2d1b1c1c 100644
--- a/apps/desktop/src/platform/services/i18n.main.service.ts
+++ b/apps/desktop/src/platform/services/i18n.main.service.ts
@@ -35,6 +35,7 @@ export class I18nMainService extends BaseI18nService {
       "bs",
       "ca",
       "cs",
+      "cy",
       "da",
       "de",
       "el",
@@ -48,6 +49,7 @@ export class I18nMainService extends BaseI18nService {
       "fi",
       "fil",
       "fr",
+      "gl",
       "he",
       "hi",
       "hr",
@@ -59,13 +61,18 @@ export class I18nMainService extends BaseI18nService {
       "km",
       "kn",
       "ko",
+      "lt",
       "lv",
       "me",
       "ml",
+      "mr",
+      "my",
       "nb",
+      "ne",
       "nl",
       "nn",
       "pl",
+      "or",
       "pt-BR",
       "pt-PT",
       "ro",
@@ -75,6 +82,7 @@ export class I18nMainService extends BaseI18nService {
       "sl",
       "sr",
       "sv",
+      "te",
       "th",
       "tr",
       "uk",
diff --git a/apps/desktop/src/platform/services/i18n.renderer.service.ts b/apps/desktop/src/platform/services/i18n.renderer.service.ts
index 87ad8b4018..18fe588f77 100644
--- a/apps/desktop/src/platform/services/i18n.renderer.service.ts
+++ b/apps/desktop/src/platform/services/i18n.renderer.service.ts
@@ -28,6 +28,7 @@ export class I18nRendererService extends BaseI18nService {
       "bs",
       "ca",
       "cs",
+      "cy",
       "da",
       "de",
       "el",
@@ -41,6 +42,7 @@ export class I18nRendererService extends BaseI18nService {
       "fi",
       "fil",
       "fr",
+      "gl",
       "he",
       "hi",
       "hr",
@@ -52,13 +54,18 @@ export class I18nRendererService extends BaseI18nService {
       "km",
       "kn",
       "ko",
+      "lt",
       "lv",
       "me",
       "ml",
+      "mr",
+      "my",
       "nb",
+      "ne",
       "nl",
       "nn",
       "pl",
+      "or",
       "pt-BR",
       "pt-PT",
       "ro",
@@ -68,6 +75,7 @@ export class I18nRendererService extends BaseI18nService {
       "sl",
       "sr",
       "sv",
+      "te",
       "th",
       "tr",
       "uk",
diff --git a/apps/desktop/src/platform/services/illegal-secure-storage.service.ts b/apps/desktop/src/platform/services/illegal-secure-storage.service.ts
new file mode 100644
index 0000000000..12f86226be
--- /dev/null
+++ b/apps/desktop/src/platform/services/illegal-secure-storage.service.ts
@@ -0,0 +1,28 @@
+import { AbstractStorageService } from "@bitwarden/common/platform/abstractions/storage.service";
+import { StorageOptions } from "@bitwarden/common/platform/models/domain/storage-options";
+
+export class IllegalSecureStorageService implements AbstractStorageService {
+  constructor() {}
+
+  get valuesRequireDeserialization(): boolean {
+    throw new Error("Method not implemented.");
+  }
+  has(key: string, options?: StorageOptions): Promise<boolean> {
+    throw new Error("Method not implemented.");
+  }
+  save<T>(key: string, obj: T, options?: StorageOptions): Promise<void> {
+    throw new Error("Method not implemented.");
+  }
+  async get<T>(key: string): Promise<T> {
+    throw new Error("Method not implemented.");
+  }
+  async set<T>(key: string, obj: T): Promise<void> {
+    throw new Error("Method not implemented.");
+  }
+  async remove(key: string): Promise<void> {
+    throw new Error("Method not implemented.");
+  }
+  async clear(): Promise<void> {
+    throw new Error("Method not implemented.");
+  }
+}
diff --git a/apps/desktop/src/services/native-message-handler.service.ts b/apps/desktop/src/services/native-message-handler.service.ts
index c90271d25c..ebe1ee6248 100644
--- a/apps/desktop/src/services/native-message-handler.service.ts
+++ b/apps/desktop/src/services/native-message-handler.service.ts
@@ -5,13 +5,14 @@ import { NativeMessagingVersion } from "@bitwarden/common/enums";
 import { CryptoFunctionService } from "@bitwarden/common/platform/abstractions/crypto-function.service";
 import { CryptoService } from "@bitwarden/common/platform/abstractions/crypto.service";
 import { MessagingService } from "@bitwarden/common/platform/abstractions/messaging.service";
+import { StateService } from "@bitwarden/common/platform/abstractions/state.service";
 import { Utils } from "@bitwarden/common/platform/misc/utils";
 import { EncryptedString, EncString } from "@bitwarden/common/platform/models/domain/enc-string";
 import { SymmetricCryptoKey } from "@bitwarden/common/platform/models/domain/symmetric-crypto-key";
-import { StateService } from "@bitwarden/common/platform/services/state.service";
 import { DialogService } from "@bitwarden/components";
 
 import { VerifyNativeMessagingDialogComponent } from "../app/components/verify-native-messaging-dialog.component";
+import { DesktopAutofillSettingsService } from "../autofill/services/desktop-autofill-settings.service";
 import { DecryptedCommandData } from "../models/native-messaging/decrypted-command-data";
 import { EncryptedMessage } from "../models/native-messaging/encrypted-message";
 import { EncryptedMessageResponse } from "../models/native-messaging/encrypted-message-response";
@@ -34,6 +35,7 @@ export class NativeMessageHandlerService {
     private messagingService: MessagingService,
     private encryptedMessageHandlerService: EncryptedMessageHandlerService,
     private dialogService: DialogService,
+    private desktopAutofillSettingsService: DesktopAutofillSettingsService,
   ) {}
 
   async handleMessage(message: Message) {
@@ -71,7 +73,9 @@ export class NativeMessageHandlerService {
 
     try {
       const remotePublicKey = Utils.fromB64ToArray(publicKey);
-      const ddgEnabled = await this.stateService.getEnableDuckDuckGoBrowserIntegration();
+      const ddgEnabled = await firstValueFrom(
+        this.desktopAutofillSettingsService.enableDuckDuckGoBrowserIntegration$,
+      );
 
       if (!ddgEnabled) {
         this.sendResponse({
diff --git a/apps/desktop/src/vault/app/vault/add-edit.component.html b/apps/desktop/src/vault/app/vault/add-edit.component.html
index 4ab974edd0..ea7be92935 100644
--- a/apps/desktop/src/vault/app/vault/add-edit.component.html
+++ b/apps/desktop/src/vault/app/vault/add-edit.component.html
@@ -2,9 +2,9 @@
   <div class="content">
     <div class="inner-content" *ngIf="cipher">
       <div class="box">
-        <app-callout type="info" *ngIf="allowOwnershipOptions() && !allowPersonal">
+        <bit-callout type="info" *ngIf="allowOwnershipOptions() && !allowPersonal">
           {{ "personalOwnershipPolicyInEffect" | i18n }}
-        </app-callout>
+        </bit-callout>
         <h2 class="box-header">
           {{ title }}
         </h2>
@@ -116,14 +116,25 @@
             </div>
             <!--Passkey-->
             <div
-              class="box-content-row text-muted"
+              class="box-content-row box-content-row-multi text-muted"
               *ngIf="cipher.login.hasFido2Credentials && !cloneMode"
               appBoxRow
               tabindex="0"
               attr.aria-label="{{ 'typePasskey' | i18n }} {{ fido2CredentialCreationDateValue }}"
             >
-              <span class="row-label">{{ "typePasskey" | i18n }}</span>
-              {{ fido2CredentialCreationDateValue }}
+              <button
+                type="button"
+                appStopClick
+                (click)="removePasskey()"
+                appA11yTitle="{{ 'removePasskey' | i18n }}"
+                [disabled]="!cipher.edit && editMode"
+              >
+                <i class="bwi bwi-fw bwi-minus-circle bwi-lg" aria-hidden="true"></i>
+              </button>
+              <div class="row-main">
+                <span class="row-label">{{ "typePasskey" | i18n }}</span>
+                {{ fido2CredentialCreationDateValue }}
+              </div>
             </div>
 
             <div class="box-content-row" appBoxRow>
diff --git a/apps/desktop/src/vault/app/vault/add-edit.component.ts b/apps/desktop/src/vault/app/vault/add-edit.component.ts
index 8532b7462a..b89beebaa6 100644
--- a/apps/desktop/src/vault/app/vault/add-edit.component.ts
+++ b/apps/desktop/src/vault/app/vault/add-edit.component.ts
@@ -8,7 +8,7 @@ import { EventCollectionService } from "@bitwarden/common/abstractions/event/eve
 import { OrganizationService } from "@bitwarden/common/admin-console/abstractions/organization/organization.service.abstraction";
 import { PolicyService } from "@bitwarden/common/admin-console/abstractions/policy/policy.service.abstraction";
 import { BroadcasterService } from "@bitwarden/common/platform/abstractions/broadcaster.service";
-import { ConfigServiceAbstraction } from "@bitwarden/common/platform/abstractions/config/config.service.abstraction";
+import { ConfigService } from "@bitwarden/common/platform/abstractions/config/config.service";
 import { I18nService } from "@bitwarden/common/platform/abstractions/i18n.service";
 import { LogService } from "@bitwarden/common/platform/abstractions/log.service";
 import { MessagingService } from "@bitwarden/common/platform/abstractions/messaging.service";
@@ -49,7 +49,7 @@ export class AddEditComponent extends BaseAddEditComponent implements OnChanges,
     sendApiService: SendApiService,
     dialogService: DialogService,
     datePipe: DatePipe,
-    configService: ConfigServiceAbstraction,
+    configService: ConfigService,
   ) {
     super(
       cipherService,
diff --git a/apps/desktop/src/vault/app/vault/collections.component.ts b/apps/desktop/src/vault/app/vault/collections.component.ts
index b8465669e7..cd08427016 100644
--- a/apps/desktop/src/vault/app/vault/collections.component.ts
+++ b/apps/desktop/src/vault/app/vault/collections.component.ts
@@ -1,6 +1,7 @@
 import { Component } from "@angular/core";
 
 import { CollectionsComponent as BaseCollectionsComponent } from "@bitwarden/angular/admin-console/components/collections.component";
+import { OrganizationService } from "@bitwarden/common/admin-console/abstractions/organization/organization.service.abstraction";
 import { I18nService } from "@bitwarden/common/platform/abstractions/i18n.service";
 import { LogService } from "@bitwarden/common/platform/abstractions/log.service";
 import { PlatformUtilsService } from "@bitwarden/common/platform/abstractions/platform-utils.service";
@@ -17,8 +18,16 @@ export class CollectionsComponent extends BaseCollectionsComponent {
     i18nService: I18nService,
     collectionService: CollectionService,
     platformUtilsService: PlatformUtilsService,
+    organizationService: OrganizationService,
     logService: LogService,
   ) {
-    super(collectionService, platformUtilsService, i18nService, cipherService, logService);
+    super(
+      collectionService,
+      platformUtilsService,
+      i18nService,
+      cipherService,
+      organizationService,
+      logService,
+    );
   }
 }
diff --git a/apps/desktop/tsconfig.json b/apps/desktop/tsconfig.json
index 63a1af06d7..a62d494f29 100644
--- a/apps/desktop/tsconfig.json
+++ b/apps/desktop/tsconfig.json
@@ -20,6 +20,7 @@
       "@bitwarden/vault-export-core": [
         "../../libs/tools/export/vault-export/vault-export-core/src"
       ],
+      "@bitwarden/vault-export-ui": ["../../libs/tools/export/vault-export/vault-export-ui/src"],
       "@bitwarden/importer/core": ["../../libs/importer/src"],
       "@bitwarden/importer/ui": ["../../libs/importer/src/components"],
       "@bitwarden/node/*": ["../../libs/node/src/*"],
diff --git a/apps/desktop/webpack.renderer.js b/apps/desktop/webpack.renderer.js
index 535edbcb5e..1ebeadef05 100644
--- a/apps/desktop/webpack.renderer.js
+++ b/apps/desktop/webpack.renderer.js
@@ -177,6 +177,7 @@ const renderer = {
       ENV: ENV,
       FLAGS: envConfig.flags,
       DEV_FLAGS: NODE_ENV === "development" ? envConfig.devFlags : {},
+      ADDITIONAL_REGIONS: envConfig.additionalRegions ?? [],
     }),
   ],
 };
diff --git a/apps/web/config/development.json b/apps/web/config/development.json
index a2ded40f61..97742aee3d 100644
--- a/apps/web/config/development.json
+++ b/apps/web/config/development.json
@@ -10,6 +10,15 @@
     "proxyNotifications": "http://localhost:61840",
     "wsConnectSrc": "ws://localhost:61840"
   },
+  "additionalRegions": [
+    {
+      "key": "LOCAL",
+      "domain": "localhost",
+      "urls": {
+        "webVault": "https://localhost:8080"
+      }
+    }
+  ],
   "flags": {
     "secretsManager": true,
     "showPasswordless": true,
diff --git a/apps/web/config/euqa.json b/apps/web/config/euqa.json
index 496b52065c..70caf3db62 100644
--- a/apps/web/config/euqa.json
+++ b/apps/web/config/euqa.json
@@ -4,6 +4,22 @@
     "notifications": "https://notifications.euqa.bitwarden.pw",
     "scim": "https://scim.euqa.bitwarden.pw"
   },
+  "additionalRegions": [
+    {
+      "key": "USQA",
+      "domain": "qa.bitwarden.pw",
+      "urls": {
+        "webVault": "https://vault.qa.bitwarden.pw"
+      }
+    },
+    {
+      "key": "EUQA",
+      "domain": "euqa.bitwarden.pw",
+      "urls": {
+        "webVault": "https://vault.euqa.bitwarden.pw"
+      }
+    }
+  ],
   "flags": {
     "secretsManager": true,
     "showPasswordless": true
diff --git a/apps/web/config/qa.json b/apps/web/config/qa.json
index be9911cc57..0ce5f3dc7f 100644
--- a/apps/web/config/qa.json
+++ b/apps/web/config/qa.json
@@ -10,6 +10,22 @@
     "proxyEvents": "https://events.qa.bitwarden.pw",
     "proxyNotifications": "https://notifications.qa.bitwarden.pw"
   },
+  "additionalRegions": [
+    {
+      "key": "USQA",
+      "domain": "qa.bitwarden.pw",
+      "urls": {
+        "webVault": "https://vault.qa.bitwarden.pw"
+      }
+    },
+    {
+      "key": "EUQA",
+      "domain": "euqa.bitwarden.pw",
+      "urls": {
+        "webVault": "https://vault.euqa.bitwarden.pw"
+      }
+    }
+  ],
   "flags": {
     "secretsManager": true,
     "showPasswordless": true,
diff --git a/apps/web/jest.config.js b/apps/web/jest.config.js
index cde02cd995..f121823ade 100644
--- a/apps/web/jest.config.js
+++ b/apps/web/jest.config.js
@@ -9,7 +9,11 @@ module.exports = {
   ...sharedConfig,
   preset: "jest-preset-angular",
   setupFilesAfterEnv: ["<rootDir>/test.setup.ts"],
-  moduleNameMapper: pathsToModuleNameMapper(compilerOptions?.paths || {}, {
-    prefix: "<rootDir>/",
-  }),
+  moduleNameMapper: pathsToModuleNameMapper(
+    // lets us use @bitwarden/common/spec in web tests
+    { "@bitwarden/common/spec": ["../../libs/common/spec"], ...(compilerOptions?.paths ?? {}) },
+    {
+      prefix: "<rootDir>/",
+    },
+  ),
 };
diff --git a/apps/web/package.json b/apps/web/package.json
index 3fad4b14ae..5b049dcb9d 100644
--- a/apps/web/package.json
+++ b/apps/web/package.json
@@ -1,6 +1,6 @@
 {
   "name": "@bitwarden/web-vault",
-  "version": "2024.3.0",
+  "version": "2024.3.1",
   "scripts": {
     "build:oss": "webpack",
     "build:bit": "webpack -c ../../bitwarden_license/bit-web/webpack.config.js",
diff --git a/apps/web/src/app/admin-console/organizations/core/services/group/group.service.ts b/apps/web/src/app/admin-console/organizations/core/services/group/group.service.ts
index 33a3069e1d..63431cd6ab 100644
--- a/apps/web/src/app/admin-console/organizations/core/services/group/group.service.ts
+++ b/apps/web/src/app/admin-console/organizations/core/services/group/group.service.ts
@@ -3,7 +3,7 @@ import { Injectable } from "@angular/core";
 import { ApiService } from "@bitwarden/common/abstractions/api.service";
 import { SelectionReadOnlyRequest } from "@bitwarden/common/admin-console/models/request/selection-read-only.request";
 import { ListResponse } from "@bitwarden/common/models/response/list.response";
-import { ConfigServiceAbstraction } from "@bitwarden/common/platform/abstractions/config/config.service.abstraction";
+import { ConfigService } from "@bitwarden/common/platform/abstractions/config/config.service";
 
 import { CoreOrganizationModule } from "../../core-organization.module";
 import { GroupView } from "../../views/group.view";
@@ -18,7 +18,7 @@ import { GroupDetailsResponse, GroupResponse } from "./responses/group.response"
 export class GroupService {
   constructor(
     protected apiService: ApiService,
-    protected configService: ConfigServiceAbstraction,
+    protected configService: ConfigService,
   ) {}
 
   async get(orgId: string, groupId: string): Promise<GroupView> {
@@ -52,7 +52,7 @@ export class GroupService {
 export class InternalGroupService extends GroupService {
   constructor(
     protected apiService: ApiService,
-    protected configService: ConfigServiceAbstraction,
+    protected configService: ConfigService,
   ) {
     super(apiService, configService);
   }
diff --git a/apps/web/src/app/admin-console/organizations/core/services/user-admin.service.ts b/apps/web/src/app/admin-console/organizations/core/services/user-admin.service.ts
index a1d1bc3e23..399140e3ea 100644
--- a/apps/web/src/app/admin-console/organizations/core/services/user-admin.service.ts
+++ b/apps/web/src/app/admin-console/organizations/core/services/user-admin.service.ts
@@ -6,7 +6,7 @@ import {
   OrganizationUserUpdateRequest,
 } from "@bitwarden/common/admin-console/abstractions/organization-user/requests";
 import { OrganizationUserDetailsResponse } from "@bitwarden/common/admin-console/abstractions/organization-user/responses";
-import { ConfigServiceAbstraction } from "@bitwarden/common/platform/abstractions/config/config.service.abstraction";
+import { ConfigService } from "@bitwarden/common/platform/abstractions/config/config.service";
 
 import { CoreOrganizationModule } from "../core-organization.module";
 import { OrganizationUserAdminView } from "../views/organization-user-admin-view";
@@ -14,7 +14,7 @@ import { OrganizationUserAdminView } from "../views/organization-user-admin-view
 @Injectable({ providedIn: CoreOrganizationModule })
 export class UserAdminService {
   constructor(
-    private configService: ConfigServiceAbstraction,
+    private configService: ConfigService,
     private organizationUserService: OrganizationUserService,
   ) {}
 
diff --git a/apps/web/src/app/admin-console/organizations/layouts/organization-layout.component.ts b/apps/web/src/app/admin-console/organizations/layouts/organization-layout.component.ts
index 90010160aa..1924476327 100644
--- a/apps/web/src/app/admin-console/organizations/layouts/organization-layout.component.ts
+++ b/apps/web/src/app/admin-console/organizations/layouts/organization-layout.component.ts
@@ -17,7 +17,7 @@ import {
 } from "@bitwarden/common/admin-console/abstractions/organization/organization.service.abstraction";
 import { Organization } from "@bitwarden/common/admin-console/models/domain/organization";
 import { FeatureFlag } from "@bitwarden/common/enums/feature-flag.enum";
-import { ConfigServiceAbstraction as ConfigService } from "@bitwarden/common/platform/abstractions/config/config.service.abstraction";
+import { ConfigService } from "@bitwarden/common/platform/abstractions/config/config.service";
 import { PlatformUtilsService } from "@bitwarden/common/platform/abstractions/platform-utils.service";
 import { BannerModule, IconModule, LayoutComponent, NavigationModule } from "@bitwarden/components";
 
diff --git a/apps/web/src/app/admin-console/organizations/members/components/member-dialog/member-dialog.component.ts b/apps/web/src/app/admin-console/organizations/members/components/member-dialog/member-dialog.component.ts
index 668b09eb7e..752122de00 100644
--- a/apps/web/src/app/admin-console/organizations/members/components/member-dialog/member-dialog.component.ts
+++ b/apps/web/src/app/admin-console/organizations/members/components/member-dialog/member-dialog.component.ts
@@ -24,7 +24,7 @@ import { Organization } from "@bitwarden/common/admin-console/models/domain/orga
 import { AccountService } from "@bitwarden/common/auth/abstractions/account.service";
 import { ProductType } from "@bitwarden/common/enums";
 import { FeatureFlag } from "@bitwarden/common/enums/feature-flag.enum";
-import { ConfigServiceAbstraction } from "@bitwarden/common/platform/abstractions/config/config.service.abstraction";
+import { ConfigService } from "@bitwarden/common/platform/abstractions/config/config.service";
 import { I18nService } from "@bitwarden/common/platform/abstractions/i18n.service";
 import { PlatformUtilsService } from "@bitwarden/common/platform/abstractions/platform-utils.service";
 import { CollectionView } from "@bitwarden/common/vault/models/view/collection.view";
@@ -148,7 +148,7 @@ export class MemberDialogComponent implements OnDestroy {
     private userService: UserAdminService,
     private organizationUserService: OrganizationUserService,
     private dialogService: DialogService,
-    private configService: ConfigServiceAbstraction,
+    private configService: ConfigService,
     private accountService: AccountService,
     organizationService: OrganizationService,
   ) {
diff --git a/apps/web/src/app/admin-console/organizations/settings/account.component.ts b/apps/web/src/app/admin-console/organizations/settings/account.component.ts
index 8527aa1b17..b218e680e3 100644
--- a/apps/web/src/app/admin-console/organizations/settings/account.component.ts
+++ b/apps/web/src/app/admin-console/organizations/settings/account.component.ts
@@ -11,7 +11,7 @@ import { OrganizationKeysRequest } from "@bitwarden/common/admin-console/models/
 import { OrganizationUpdateRequest } from "@bitwarden/common/admin-console/models/request/organization-update.request";
 import { OrganizationResponse } from "@bitwarden/common/admin-console/models/response/organization.response";
 import { FeatureFlag } from "@bitwarden/common/enums/feature-flag.enum";
-import { ConfigServiceAbstraction } from "@bitwarden/common/platform/abstractions/config/config.service.abstraction";
+import { ConfigService } from "@bitwarden/common/platform/abstractions/config/config.service";
 import { CryptoService } from "@bitwarden/common/platform/abstractions/crypto.service";
 import { I18nService } from "@bitwarden/common/platform/abstractions/i18n.service";
 import { PlatformUtilsService } from "@bitwarden/common/platform/abstractions/platform-utils.service";
@@ -95,7 +95,7 @@ export class AccountComponent {
     private organizationApiService: OrganizationApiServiceAbstraction,
     private dialogService: DialogService,
     private formBuilder: FormBuilder,
-    private configService: ConfigServiceAbstraction,
+    private configService: ConfigService,
   ) {}
 
   async ngOnInit() {
diff --git a/apps/web/src/app/admin-console/organizations/tools/vault-export/org-vault-export.module.ts b/apps/web/src/app/admin-console/organizations/tools/vault-export/org-vault-export.module.ts
index 34b4fa4adb..ca8a75165b 100644
--- a/apps/web/src/app/admin-console/organizations/tools/vault-export/org-vault-export.module.ts
+++ b/apps/web/src/app/admin-console/organizations/tools/vault-export/org-vault-export.module.ts
@@ -1,12 +1,19 @@
 import { NgModule } from "@angular/core";
 
+import { ExportScopeCalloutComponent } from "@bitwarden/vault-export-ui";
+
 import { LooseComponentsModule, SharedModule } from "../../../../shared";
 
 import { OrganizationVaultExportRoutingModule } from "./org-vault-export-routing.module";
 import { OrganizationVaultExportComponent } from "./org-vault-export.component";
 
 @NgModule({
-  imports: [SharedModule, LooseComponentsModule, OrganizationVaultExportRoutingModule],
+  imports: [
+    SharedModule,
+    LooseComponentsModule,
+    OrganizationVaultExportRoutingModule,
+    ExportScopeCalloutComponent,
+  ],
   declarations: [OrganizationVaultExportComponent],
 })
 export class OrganizationVaultExportModule {}
diff --git a/apps/web/src/app/app.component.ts b/apps/web/src/app/app.component.ts
index a1b7456627..32f4ee67e2 100644
--- a/apps/web/src/app/app.component.ts
+++ b/apps/web/src/app/app.component.ts
@@ -16,7 +16,7 @@ import { AuthService } from "@bitwarden/common/auth/abstractions/auth.service";
 import { KeyConnectorService } from "@bitwarden/common/auth/abstractions/key-connector.service";
 import { PaymentMethodWarningsServiceAbstraction as PaymentMethodWarningService } from "@bitwarden/common/billing/abstractions/payment-method-warnings-service.abstraction";
 import { BroadcasterService } from "@bitwarden/common/platform/abstractions/broadcaster.service";
-import { ConfigServiceAbstraction } from "@bitwarden/common/platform/abstractions/config/config.service.abstraction";
+import { ConfigService } from "@bitwarden/common/platform/abstractions/config/config.service";
 import { CryptoService } from "@bitwarden/common/platform/abstractions/crypto.service";
 import { I18nService } from "@bitwarden/common/platform/abstractions/i18n.service";
 import { PlatformUtilsService } from "@bitwarden/common/platform/abstractions/platform-utils.service";
@@ -83,7 +83,7 @@ export class AppComponent implements OnDestroy, OnInit {
     private policyService: InternalPolicyService,
     protected policyListService: PolicyListService,
     private keyConnectorService: KeyConnectorService,
-    private configService: ConfigServiceAbstraction,
+    private configService: ConfigService,
     private dialogService: DialogService,
     private biometricStateService: BiometricStateService,
     private stateEventRunnerService: StateEventRunnerService,
@@ -158,7 +158,7 @@ export class AppComponent implements OnDestroy, OnInit {
             break;
           case "syncCompleted":
             if (message.successfully) {
-              this.configService.triggerServerConfigFetch();
+              await this.configService.ensureConfigFetched();
             }
             break;
           case "upgradeOrganization": {
@@ -276,7 +276,6 @@ export class AppComponent implements OnDestroy, OnInit {
       this.collectionService.clear(userId),
       this.policyService.clear(userId),
       this.passwordGenerationService.clear(),
-      this.keyConnectorService.clear(),
       this.biometricStateService.logout(userId as UserId),
       this.paymentMethodWarningService.clear(),
     ]);
diff --git a/apps/web/src/app/auth/hint.component.ts b/apps/web/src/app/auth/hint.component.ts
index d3a7c00431..116b0f3f83 100644
--- a/apps/web/src/app/auth/hint.component.ts
+++ b/apps/web/src/app/auth/hint.component.ts
@@ -2,8 +2,8 @@ import { Component } from "@angular/core";
 import { Router } from "@angular/router";
 
 import { HintComponent as BaseHintComponent } from "@bitwarden/angular/auth/components/hint.component";
+import { LoginEmailServiceAbstraction } from "@bitwarden/auth/common";
 import { ApiService } from "@bitwarden/common/abstractions/api.service";
-import { LoginService } from "@bitwarden/common/auth/abstractions/login.service";
 import { I18nService } from "@bitwarden/common/platform/abstractions/i18n.service";
 import { LogService } from "@bitwarden/common/platform/abstractions/log.service";
 import { PlatformUtilsService } from "@bitwarden/common/platform/abstractions/platform-utils.service";
@@ -19,8 +19,8 @@ export class HintComponent extends BaseHintComponent {
     apiService: ApiService,
     platformUtilsService: PlatformUtilsService,
     logService: LogService,
-    loginService: LoginService,
+    loginEmailService: LoginEmailServiceAbstraction,
   ) {
-    super(router, i18nService, apiService, platformUtilsService, logService, loginService);
+    super(router, i18nService, apiService, platformUtilsService, logService, loginEmailService);
   }
 }
diff --git a/apps/web/src/app/auth/key-rotation/user-key-rotation.service.spec.ts b/apps/web/src/app/auth/key-rotation/user-key-rotation.service.spec.ts
index 93ee857617..09c7bf9ace 100644
--- a/apps/web/src/app/auth/key-rotation/user-key-rotation.service.spec.ts
+++ b/apps/web/src/app/auth/key-rotation/user-key-rotation.service.spec.ts
@@ -2,14 +2,17 @@ import { mock, MockProxy } from "jest-mock-extended";
 import { BehaviorSubject } from "rxjs";
 
 import { DeviceTrustCryptoServiceAbstraction } from "@bitwarden/common/auth/abstractions/device-trust-crypto.service.abstraction";
-import { ConfigServiceAbstraction } from "@bitwarden/common/platform/abstractions/config/config.service.abstraction";
+import { ConfigService } from "@bitwarden/common/platform/abstractions/config/config.service";
 import { CryptoService } from "@bitwarden/common/platform/abstractions/crypto.service";
 import { EncryptService } from "@bitwarden/common/platform/abstractions/encrypt.service";
 import { EncryptionType } from "@bitwarden/common/platform/enums";
+import { Utils } from "@bitwarden/common/platform/misc/utils";
 import { EncString } from "@bitwarden/common/platform/models/domain/enc-string";
 import { SymmetricCryptoKey } from "@bitwarden/common/platform/models/domain/symmetric-crypto-key";
+import { FakeAccountService, mockAccountServiceWith } from "@bitwarden/common/spec";
 import { Send } from "@bitwarden/common/tools/send/models/domain/send";
 import { SendService } from "@bitwarden/common/tools/send/services/send.service.abstraction";
+import { UserId } from "@bitwarden/common/types/guid";
 import { UserKey } from "@bitwarden/common/types/key";
 import { CipherService } from "@bitwarden/common/vault/abstractions/cipher.service";
 import { FolderService } from "@bitwarden/common/vault/abstractions/folder/folder.service.abstraction";
@@ -39,7 +42,10 @@ describe("KeyRotationService", () => {
   let mockCryptoService: MockProxy<CryptoService>;
   let mockEncryptService: MockProxy<EncryptService>;
   let mockStateService: MockProxy<StateService>;
-  let mockConfigService: MockProxy<ConfigServiceAbstraction>;
+  let mockConfigService: MockProxy<ConfigService>;
+
+  const mockUserId = Utils.newGuid() as UserId;
+  const mockAccountService: FakeAccountService = mockAccountServiceWith(mockUserId);
 
   beforeAll(() => {
     mockApiService = mock<UserKeyRotationApiService>();
@@ -52,7 +58,7 @@ describe("KeyRotationService", () => {
     mockCryptoService = mock<CryptoService>();
     mockEncryptService = mock<EncryptService>();
     mockStateService = mock<StateService>();
-    mockConfigService = mock<ConfigServiceAbstraction>();
+    mockConfigService = mock<ConfigService>();
 
     keyRotationService = new UserKeyRotationService(
       mockApiService,
@@ -65,6 +71,7 @@ describe("KeyRotationService", () => {
       mockCryptoService,
       mockEncryptService,
       mockStateService,
+      mockAccountService,
       mockConfigService,
     );
   });
diff --git a/apps/web/src/app/auth/key-rotation/user-key-rotation.service.ts b/apps/web/src/app/auth/key-rotation/user-key-rotation.service.ts
index bb4c3494dd..03bc604b4d 100644
--- a/apps/web/src/app/auth/key-rotation/user-key-rotation.service.ts
+++ b/apps/web/src/app/auth/key-rotation/user-key-rotation.service.ts
@@ -1,9 +1,10 @@
 import { Injectable } from "@angular/core";
 import { firstValueFrom } from "rxjs";
 
+import { AccountService } from "@bitwarden/common/auth/abstractions/account.service";
 import { DeviceTrustCryptoServiceAbstraction } from "@bitwarden/common/auth/abstractions/device-trust-crypto.service.abstraction";
 import { FeatureFlag } from "@bitwarden/common/enums/feature-flag.enum";
-import { ConfigServiceAbstraction } from "@bitwarden/common/platform/abstractions/config/config.service.abstraction";
+import { ConfigService } from "@bitwarden/common/platform/abstractions/config/config.service";
 import { CryptoService } from "@bitwarden/common/platform/abstractions/crypto.service";
 import { EncryptService } from "@bitwarden/common/platform/abstractions/encrypt.service";
 import { StateService } from "@bitwarden/common/platform/abstractions/state.service";
@@ -34,7 +35,8 @@ export class UserKeyRotationService {
     private cryptoService: CryptoService,
     private encryptService: EncryptService,
     private stateService: StateService,
-    private configService: ConfigServiceAbstraction,
+    private accountService: AccountService,
+    private configService: ConfigService,
   ) {}
 
   /**
@@ -90,7 +92,12 @@ export class UserKeyRotationService {
       await this.rotateUserKeyAndEncryptedDataLegacy(request);
     }
 
-    await this.deviceTrustCryptoService.rotateDevicesTrust(newUserKey, masterPasswordHash);
+    const activeAccount = await firstValueFrom(this.accountService.activeAccount$);
+    await this.deviceTrustCryptoService.rotateDevicesTrust(
+      activeAccount.id,
+      newUserKey,
+      masterPasswordHash,
+    );
   }
 
   private async encryptPrivateKey(newUserKey: UserKey): Promise<EncryptedString | null> {
diff --git a/apps/web/src/app/auth/lock.component.ts b/apps/web/src/app/auth/lock.component.ts
index c4f8d276bb..a1d4724396 100644
--- a/apps/web/src/app/auth/lock.component.ts
+++ b/apps/web/src/app/auth/lock.component.ts
@@ -8,6 +8,7 @@ import { VaultTimeoutSettingsService } from "@bitwarden/common/abstractions/vaul
 import { VaultTimeoutService } from "@bitwarden/common/abstractions/vault-timeout/vault-timeout.service";
 import { PolicyApiServiceAbstraction } from "@bitwarden/common/admin-console/abstractions/policy/policy-api.service.abstraction";
 import { InternalPolicyService } from "@bitwarden/common/admin-console/abstractions/policy/policy.service.abstraction";
+import { AccountService } from "@bitwarden/common/auth/abstractions/account.service";
 import { DeviceTrustCryptoServiceAbstraction } from "@bitwarden/common/auth/abstractions/device-trust-crypto.service.abstraction";
 import { UserVerificationService } from "@bitwarden/common/auth/abstractions/user-verification/user-verification.service.abstraction";
 import { CryptoService } from "@bitwarden/common/platform/abstractions/crypto.service";
@@ -47,6 +48,7 @@ export class LockComponent extends BaseLockComponent {
     userVerificationService: UserVerificationService,
     pinCryptoService: PinCryptoServiceAbstraction,
     biometricStateService: BiometricStateService,
+    accountService: AccountService,
   ) {
     super(
       router,
@@ -69,6 +71,7 @@ export class LockComponent extends BaseLockComponent {
       userVerificationService,
       pinCryptoService,
       biometricStateService,
+      accountService,
     );
   }
 
diff --git a/apps/web/src/app/auth/login/login-via-auth-request.component.ts b/apps/web/src/app/auth/login/login-via-auth-request.component.ts
index a3bf1160a3..5bca718304 100644
--- a/apps/web/src/app/auth/login/login-via-auth-request.component.ts
+++ b/apps/web/src/app/auth/login/login-via-auth-request.component.ts
@@ -1,75 +1,9 @@
-import { Component, OnDestroy, OnInit } from "@angular/core";
-import { Router } from "@angular/router";
+import { Component } from "@angular/core";
 
 import { LoginViaAuthRequestComponent as BaseLoginWithDeviceComponent } from "@bitwarden/angular/auth/components/login-via-auth-request.component";
-import {
-  AuthRequestServiceAbstraction,
-  LoginStrategyServiceAbstraction,
-} from "@bitwarden/auth/common";
-import { ApiService } from "@bitwarden/common/abstractions/api.service";
-import { AnonymousHubService } from "@bitwarden/common/auth/abstractions/anonymous-hub.service";
-import { AuthService } from "@bitwarden/common/auth/abstractions/auth.service";
-import { DeviceTrustCryptoServiceAbstraction } from "@bitwarden/common/auth/abstractions/device-trust-crypto.service.abstraction";
-import { LoginService } from "@bitwarden/common/auth/abstractions/login.service";
-import { AppIdService } from "@bitwarden/common/platform/abstractions/app-id.service";
-import { CryptoFunctionService } from "@bitwarden/common/platform/abstractions/crypto-function.service";
-import { CryptoService } from "@bitwarden/common/platform/abstractions/crypto.service";
-import { EnvironmentService } from "@bitwarden/common/platform/abstractions/environment.service";
-import { I18nService } from "@bitwarden/common/platform/abstractions/i18n.service";
-import { LogService } from "@bitwarden/common/platform/abstractions/log.service";
-import { PlatformUtilsService } from "@bitwarden/common/platform/abstractions/platform-utils.service";
-import { ValidationService } from "@bitwarden/common/platform/abstractions/validation.service";
-import { PasswordGenerationServiceAbstraction } from "@bitwarden/common/tools/generator/password";
-
-import { StateService } from "../../core";
 
 @Component({
   selector: "app-login-via-auth-request",
   templateUrl: "login-via-auth-request.component.html",
 })
-export class LoginViaAuthRequestComponent
-  extends BaseLoginWithDeviceComponent
-  implements OnInit, OnDestroy
-{
-  constructor(
-    router: Router,
-    cryptoService: CryptoService,
-    cryptoFunctionService: CryptoFunctionService,
-    appIdService: AppIdService,
-    passwordGenerationService: PasswordGenerationServiceAbstraction,
-    apiService: ApiService,
-    authService: AuthService,
-    logService: LogService,
-    environmentService: EnvironmentService,
-    i18nService: I18nService,
-    platformUtilsService: PlatformUtilsService,
-    anonymousHubService: AnonymousHubService,
-    validationService: ValidationService,
-    stateService: StateService,
-    loginService: LoginService,
-    deviceTrustCryptoService: DeviceTrustCryptoServiceAbstraction,
-    authRequestService: AuthRequestServiceAbstraction,
-    loginStrategyService: LoginStrategyServiceAbstraction,
-  ) {
-    super(
-      router,
-      cryptoService,
-      cryptoFunctionService,
-      appIdService,
-      passwordGenerationService,
-      apiService,
-      authService,
-      logService,
-      environmentService,
-      i18nService,
-      platformUtilsService,
-      anonymousHubService,
-      validationService,
-      stateService,
-      loginService,
-      deviceTrustCryptoService,
-      authRequestService,
-      loginStrategyService,
-    );
-  }
-}
+export class LoginViaAuthRequestComponent extends BaseLoginWithDeviceComponent {}
diff --git a/apps/web/src/app/auth/login/login.component.html b/apps/web/src/app/auth/login/login.component.html
index 5c68058a3c..0e29a34278 100644
--- a/apps/web/src/app/auth/login/login.component.html
+++ b/apps/web/src/app/auth/login/login.component.html
@@ -1,6 +1,6 @@
 <form
   #form
-  (ngSubmit)="submit()"
+  (ngSubmit)="submit(false)"
   [appApiAction]="formPromise"
   class="tw-container tw-mx-auto"
   [formGroup]="formGroup"
@@ -91,7 +91,7 @@
               class="-tw-mt-2"
               routerLink="/hint"
               (mousedown)="goToHint()"
-              (click)="setFormValues()"
+              (click)="setLoginEmailValues()"
               >{{ "getMasterPasswordHint" | i18n }}</a
             >
           </div>
diff --git a/apps/web/src/app/auth/login/login.component.ts b/apps/web/src/app/auth/login/login.component.ts
index 1d2d1859e9..9f628b9389 100644
--- a/apps/web/src/app/auth/login/login.component.ts
+++ b/apps/web/src/app/auth/login/login.component.ts
@@ -6,7 +6,10 @@ import { first } from "rxjs/operators";
 
 import { LoginComponent as BaseLoginComponent } from "@bitwarden/angular/auth/components/login.component";
 import { FormValidationErrorsService } from "@bitwarden/angular/platform/abstractions/form-validation-errors.service";
-import { LoginStrategyServiceAbstraction } from "@bitwarden/auth/common";
+import {
+  LoginStrategyServiceAbstraction,
+  LoginEmailServiceAbstraction,
+} from "@bitwarden/auth/common";
 import { PolicyApiServiceAbstraction } from "@bitwarden/common/admin-console/abstractions/policy/policy-api.service.abstraction";
 import { InternalPolicyService } from "@bitwarden/common/admin-console/abstractions/policy/policy.service.abstraction";
 import { PolicyData } from "@bitwarden/common/admin-console/models/data/policy.data";
@@ -14,7 +17,6 @@ import { MasterPasswordPolicyOptions } from "@bitwarden/common/admin-console/mod
 import { Policy } from "@bitwarden/common/admin-console/models/domain/policy";
 import { PolicyResponse } from "@bitwarden/common/admin-console/models/response/policy.response";
 import { DevicesApiServiceAbstraction } from "@bitwarden/common/auth/abstractions/devices-api.service.abstraction";
-import { LoginService } from "@bitwarden/common/auth/abstractions/login.service";
 import { SsoLoginServiceAbstraction } from "@bitwarden/common/auth/abstractions/sso-login.service.abstraction";
 import { WebAuthnLoginServiceAbstraction } from "@bitwarden/common/auth/abstractions/webauthn/webauthn-login.service.abstraction";
 import { AuthResult } from "@bitwarden/common/auth/models/domain/auth-result";
@@ -62,7 +64,7 @@ export class LoginComponent extends BaseLoginComponent implements OnInit {
     private routerService: RouterService,
     formBuilder: FormBuilder,
     formValidationErrorService: FormValidationErrorsService,
-    loginService: LoginService,
+    loginEmailService: LoginEmailServiceAbstraction,
     ssoLoginService: SsoLoginServiceAbstraction,
     webAuthnLoginService: WebAuthnLoginServiceAbstraction,
   ) {
@@ -82,7 +84,7 @@ export class LoginComponent extends BaseLoginComponent implements OnInit {
       formBuilder,
       formValidationErrorService,
       route,
-      loginService,
+      loginEmailService,
       ssoLoginService,
       webAuthnLoginService,
     );
@@ -173,14 +175,14 @@ export class LoginComponent extends BaseLoginComponent implements OnInit {
       }
     }
 
-    this.loginService.clearValues();
+    this.loginEmailService.clearValues();
     // FIXME: Verify that this floating promise is intentional. If it is, add an explanatory comment and ensure there is proper error handling.
     // eslint-disable-next-line @typescript-eslint/no-floating-promises
     this.router.navigate([this.successRoute]);
   }
 
   goToHint() {
-    this.setFormValues();
+    this.setLoginEmailValues();
     // FIXME: Verify that this floating promise is intentional. If it is, add an explanatory comment and ensure there is proper error handling.
     // eslint-disable-next-line @typescript-eslint/no-floating-promises
     this.router.navigateByUrl("/hint");
@@ -201,15 +203,6 @@ export class LoginComponent extends BaseLoginComponent implements OnInit {
     this.router.navigate(["/register"]);
   }
 
-  async submit() {
-    const rememberEmail = this.formGroup.value.rememberEmail;
-
-    if (!rememberEmail) {
-      await this.stateService.setRememberedEmail(null);
-    }
-    await super.submit(false);
-  }
-
   protected override handleMigrateEncryptionKey(result: AuthResult): boolean {
     if (!result.requiresEncryptionKeyMigration) {
       return false;
diff --git a/apps/web/src/app/auth/settings/emergency-access/view/emergency-add-edit-cipher.component.ts b/apps/web/src/app/auth/settings/emergency-access/view/emergency-add-edit-cipher.component.ts
index d20f0cd1bd..9312ce5fc0 100644
--- a/apps/web/src/app/auth/settings/emergency-access/view/emergency-add-edit-cipher.component.ts
+++ b/apps/web/src/app/auth/settings/emergency-access/view/emergency-add-edit-cipher.component.ts
@@ -6,7 +6,7 @@ import { EventCollectionService } from "@bitwarden/common/abstractions/event/eve
 import { OrganizationService } from "@bitwarden/common/admin-console/abstractions/organization/organization.service.abstraction";
 import { PolicyService } from "@bitwarden/common/admin-console/abstractions/policy/policy.service.abstraction";
 import { BillingAccountProfileStateService } from "@bitwarden/common/billing/abstractions/account/billing-account-profile-state.service";
-import { ConfigServiceAbstraction } from "@bitwarden/common/platform/abstractions/config/config.service.abstraction";
+import { ConfigService } from "@bitwarden/common/platform/abstractions/config/config.service";
 import { I18nService } from "@bitwarden/common/platform/abstractions/i18n.service";
 import { LogService } from "@bitwarden/common/platform/abstractions/log.service";
 import { MessagingService } from "@bitwarden/common/platform/abstractions/messaging.service";
@@ -52,7 +52,7 @@ export class EmergencyAddEditCipherComponent extends BaseAddEditComponent {
     sendApiService: SendApiService,
     dialogService: DialogService,
     datePipe: DatePipe,
-    configService: ConfigServiceAbstraction,
+    configService: ConfigService,
     billingAccountProfileStateService: BillingAccountProfileStateService,
   ) {
     super(
diff --git a/apps/web/src/app/auth/sso.component.ts b/apps/web/src/app/auth/sso.component.ts
index 9363cb3366..cdd979aa89 100644
--- a/apps/web/src/app/auth/sso.component.ts
+++ b/apps/web/src/app/auth/sso.component.ts
@@ -3,14 +3,17 @@ import { ActivatedRoute, Router } from "@angular/router";
 import { first } from "rxjs/operators";
 
 import { SsoComponent as BaseSsoComponent } from "@bitwarden/angular/auth/components/sso.component";
-import { LoginStrategyServiceAbstraction } from "@bitwarden/auth/common";
+import {
+  LoginStrategyServiceAbstraction,
+  UserDecryptionOptionsServiceAbstraction,
+} from "@bitwarden/auth/common";
 import { ApiService } from "@bitwarden/common/abstractions/api.service";
 import { OrgDomainApiServiceAbstraction } from "@bitwarden/common/admin-console/abstractions/organization-domain/org-domain-api.service.abstraction";
 import { OrganizationDomainSsoDetailsResponse } from "@bitwarden/common/admin-console/abstractions/organization-domain/responses/organization-domain-sso-details.response";
 import { SsoLoginServiceAbstraction } from "@bitwarden/common/auth/abstractions/sso-login.service.abstraction";
 import { HttpStatusCode } from "@bitwarden/common/enums";
 import { ErrorResponse } from "@bitwarden/common/models/response/error.response";
-import { ConfigServiceAbstraction } from "@bitwarden/common/platform/abstractions/config/config.service.abstraction";
+import { ConfigService } from "@bitwarden/common/platform/abstractions/config/config.service";
 import { CryptoFunctionService } from "@bitwarden/common/platform/abstractions/crypto-function.service";
 import { EnvironmentService } from "@bitwarden/common/platform/abstractions/environment.service";
 import { I18nService } from "@bitwarden/common/platform/abstractions/i18n.service";
@@ -41,7 +44,8 @@ export class SsoComponent extends BaseSsoComponent {
     logService: LogService,
     private orgDomainApiService: OrgDomainApiServiceAbstraction,
     private validationService: ValidationService,
-    configService: ConfigServiceAbstraction,
+    userDecryptionOptionsService: UserDecryptionOptionsServiceAbstraction,
+    configService: ConfigService,
   ) {
     super(
       ssoLoginService,
@@ -56,6 +60,7 @@ export class SsoComponent extends BaseSsoComponent {
       environmentService,
       passwordGenerationService,
       logService,
+      userDecryptionOptionsService,
       configService,
     );
     this.redirectUri = window.location.origin + "/sso-connector.html";
diff --git a/apps/web/src/app/auth/two-factor.component.ts b/apps/web/src/app/auth/two-factor.component.ts
index 44a9674fbd..65bf1dba58 100644
--- a/apps/web/src/app/auth/two-factor.component.ts
+++ b/apps/web/src/app/auth/two-factor.component.ts
@@ -4,15 +4,18 @@ import { ActivatedRoute, Router } from "@angular/router";
 import { TwoFactorComponent as BaseTwoFactorComponent } from "@bitwarden/angular/auth/components/two-factor.component";
 import { WINDOW } from "@bitwarden/angular/services/injection-tokens";
 import { ModalService } from "@bitwarden/angular/services/modal.service";
-import { LoginStrategyServiceAbstraction } from "@bitwarden/auth/common";
+import {
+  LoginStrategyServiceAbstraction,
+  LoginEmailServiceAbstraction,
+  UserDecryptionOptionsServiceAbstraction,
+} from "@bitwarden/auth/common";
 import { ApiService } from "@bitwarden/common/abstractions/api.service";
-import { LoginService } from "@bitwarden/common/auth/abstractions/login.service";
 import { SsoLoginServiceAbstraction } from "@bitwarden/common/auth/abstractions/sso-login.service.abstraction";
 import { TwoFactorService } from "@bitwarden/common/auth/abstractions/two-factor.service";
 import { TwoFactorProviderType } from "@bitwarden/common/auth/enums/two-factor-provider-type";
 import { AuthResult } from "@bitwarden/common/auth/models/domain/auth-result";
 import { AppIdService } from "@bitwarden/common/platform/abstractions/app-id.service";
-import { ConfigServiceAbstraction } from "@bitwarden/common/platform/abstractions/config/config.service.abstraction";
+import { ConfigService } from "@bitwarden/common/platform/abstractions/config/config.service";
 import { EnvironmentService } from "@bitwarden/common/platform/abstractions/environment.service";
 import { I18nService } from "@bitwarden/common/platform/abstractions/i18n.service";
 import { LogService } from "@bitwarden/common/platform/abstractions/log.service";
@@ -43,9 +46,10 @@ export class TwoFactorComponent extends BaseTwoFactorComponent implements OnDest
     logService: LogService,
     twoFactorService: TwoFactorService,
     appIdService: AppIdService,
-    loginService: LoginService,
+    loginEmailService: LoginEmailServiceAbstraction,
+    userDecryptionOptionsService: UserDecryptionOptionsServiceAbstraction,
     ssoLoginService: SsoLoginServiceAbstraction,
-    configService: ConfigServiceAbstraction,
+    configService: ConfigService,
     @Inject(WINDOW) protected win: Window,
   ) {
     super(
@@ -61,7 +65,8 @@ export class TwoFactorComponent extends BaseTwoFactorComponent implements OnDest
       logService,
       twoFactorService,
       appIdService,
-      loginService,
+      loginEmailService,
+      userDecryptionOptionsService,
       ssoLoginService,
       configService,
     );
@@ -98,7 +103,7 @@ export class TwoFactorComponent extends BaseTwoFactorComponent implements OnDest
   }
 
   goAfterLogIn = async () => {
-    this.loginService.clearValues();
+    this.loginEmailService.clearValues();
     // FIXME: Verify that this floating promise is intentional. If it is, add an explanatory comment and ensure there is proper error handling.
     // eslint-disable-next-line @typescript-eslint/no-floating-promises
     this.router.navigate([this.successRoute], {
@@ -122,7 +127,7 @@ export class TwoFactorComponent extends BaseTwoFactorComponent implements OnDest
     await this.submit();
   };
 
-  override launchDuoFrameless() {
+  override async launchDuoFrameless() {
     const duoHandOffMessage = {
       title: this.i18nService.t("youSuccessfullyLoggedIn"),
       message: this.i18nService.t("thisWindowWillCloseIn5Seconds"),
diff --git a/apps/web/src/app/billing/individual/premium.component.ts b/apps/web/src/app/billing/individual/premium.component.ts
index e6e63264d5..fa17821d56 100644
--- a/apps/web/src/app/billing/individual/premium.component.ts
+++ b/apps/web/src/app/billing/individual/premium.component.ts
@@ -44,11 +44,11 @@ export class PremiumComponent implements OnInit {
     private billingAccountProfileStateService: BillingAccountProfileStateService,
   ) {
     this.selfHosted = platformUtilsService.isSelfHost();
-    this.cloudWebVaultUrl = this.environmentService.getCloudWebVaultUrl();
     this.canAccessPremium$ = billingAccountProfileStateService.hasPremiumFromAnySource$;
   }
 
   async ngOnInit() {
+    this.cloudWebVaultUrl = await firstValueFrom(this.environmentService.cloudWebVaultUrl$);
     if (await firstValueFrom(this.billingAccountProfileStateService.hasPremiumPersonally$)) {
       // FIXME: Verify that this floating promise is intentional. If it is, add an explanatory comment and ensure there is proper error handling.
       // eslint-disable-next-line @typescript-eslint/no-floating-promises
diff --git a/apps/web/src/app/billing/individual/user-subscription.component.html b/apps/web/src/app/billing/individual/user-subscription.component.html
index 2fd831c71c..874983df84 100644
--- a/apps/web/src/app/billing/individual/user-subscription.component.html
+++ b/apps/web/src/app/billing/individual/user-subscription.component.html
@@ -145,7 +145,7 @@
         type="button"
         buttonType="danger"
         class="btn-submit tw-ml-auto"
-        (click)="cancel()"
+        (click)="cancelSubscription()"
         [appApiAction]="cancelPromise"
         [disabled]="$any(cancelBtn).loading"
         *ngIf="subscription && !subscription.cancelled && !subscriptionMarkedForCancel"
diff --git a/apps/web/src/app/billing/individual/user-subscription.component.ts b/apps/web/src/app/billing/individual/user-subscription.component.ts
index 3ec0cd54d1..7d8c3a0f18 100644
--- a/apps/web/src/app/billing/individual/user-subscription.component.ts
+++ b/apps/web/src/app/billing/individual/user-subscription.component.ts
@@ -1,12 +1,10 @@
 import { Component, OnInit } from "@angular/core";
 import { Router } from "@angular/router";
-import { firstValueFrom, lastValueFrom, Observable } from "rxjs";
+import { firstValueFrom, lastValueFrom } from "rxjs";
 
 import { ApiService } from "@bitwarden/common/abstractions/api.service";
 import { BillingAccountProfileStateService } from "@bitwarden/common/billing/abstractions/account/billing-account-profile-state.service";
 import { SubscriptionResponse } from "@bitwarden/common/billing/models/response/subscription.response";
-import { FeatureFlag } from "@bitwarden/common/enums/feature-flag.enum";
-import { ConfigServiceAbstraction as ConfigService } from "@bitwarden/common/platform/abstractions/config/config.service.abstraction";
 import { EnvironmentService } from "@bitwarden/common/platform/abstractions/environment.service";
 import { FileDownloadService } from "@bitwarden/common/platform/abstractions/file-download/file-download.service";
 import { I18nService } from "@bitwarden/common/platform/abstractions/i18n.service";
@@ -34,7 +32,6 @@ export class UserSubscriptionComponent implements OnInit {
 
   cancelPromise: Promise<any>;
   reinstatePromise: Promise<any>;
-  presentUserWithOffboardingSurvey$: Observable<boolean>;
 
   constructor(
     private apiService: ApiService,
@@ -45,17 +42,13 @@ export class UserSubscriptionComponent implements OnInit {
     private fileDownloadService: FileDownloadService,
     private dialogService: DialogService,
     private environmentService: EnvironmentService,
-    private configService: ConfigService,
     private billingAccountProfileStateService: BillingAccountProfileStateService,
   ) {
     this.selfHosted = platformUtilsService.isSelfHost();
-    this.cloudWebVaultUrl = this.environmentService.getCloudWebVaultUrl();
   }
 
   async ngOnInit() {
-    this.presentUserWithOffboardingSurvey$ = this.configService.getFeatureFlag$<boolean>(
-      FeatureFlag.AC1607_PresentUserOffboardingSurvey,
-    );
+    this.cloudWebVaultUrl = await firstValueFrom(this.environmentService.cloudWebVaultUrl$);
     await this.load();
     this.firstLoaded = true;
   }
@@ -105,16 +98,22 @@ export class UserSubscriptionComponent implements OnInit {
     }
   }
 
-  cancel = async () => {
-    const presentUserWithOffboardingSurvey = await this.configService.getFeatureFlag<boolean>(
-      FeatureFlag.AC1607_PresentUserOffboardingSurvey,
-    );
+  cancelSubscription = async () => {
+    const reference = openOffboardingSurvey(this.dialogService, {
+      data: {
+        type: "User",
+      },
+    });
 
-    if (presentUserWithOffboardingSurvey) {
-      await this.cancelWithOffboardingSurvey();
-    } else {
-      await this.cancelWithWarning();
+    this.cancelPromise = lastValueFrom(reference.closed);
+
+    const result = await this.cancelPromise;
+
+    if (result === OffboardingSurveyDialogResultType.Closed) {
+      return;
     }
+
+    await this.load();
   };
 
   downloadLicense() {
@@ -159,55 +158,6 @@ export class UserSubscriptionComponent implements OnInit {
     }
   }
 
-  private cancelWithOffboardingSurvey = async () => {
-    const reference = openOffboardingSurvey(this.dialogService, {
-      data: {
-        type: "User",
-      },
-    });
-
-    this.cancelPromise = lastValueFrom(reference.closed);
-
-    const result = await this.cancelPromise;
-
-    if (result === OffboardingSurveyDialogResultType.Closed) {
-      return;
-    }
-
-    await this.load();
-  };
-
-  private async cancelWithWarning() {
-    if (this.loading) {
-      return;
-    }
-
-    const confirmed = await this.dialogService.openSimpleDialog({
-      title: { key: "cancelSubscription" },
-      content: { key: "cancelConfirmation" },
-      type: "warning",
-    });
-
-    if (!confirmed) {
-      return;
-    }
-
-    try {
-      this.cancelPromise = this.apiService.postCancelPremium();
-      await this.cancelPromise;
-      this.platformUtilsService.showToast(
-        "success",
-        null,
-        this.i18nService.t("canceledSubscription"),
-      );
-      // FIXME: Verify that this floating promise is intentional. If it is, add an explanatory comment and ensure there is proper error handling.
-      // eslint-disable-next-line @typescript-eslint/no-floating-promises
-      this.load();
-    } catch (e) {
-      this.logService.error(e);
-    }
-  }
-
   get subscriptionMarkedForCancel() {
     return (
       this.subscription != null && !this.subscription.cancelled && this.subscription.cancelAtEndDate
diff --git a/apps/web/src/app/billing/organizations/organization-subscription-cloud.component.html b/apps/web/src/app/billing/organizations/organization-subscription-cloud.component.html
index 484be34ce6..5f767d85c4 100644
--- a/apps/web/src/app/billing/organizations/organization-subscription-cloud.component.html
+++ b/apps/web/src/app/billing/organizations/organization-subscription-cloud.component.html
@@ -25,7 +25,13 @@
       *ngIf="subscriptionMarkedForCancel"
     >
       <p>{{ "subscriptionPendingCanceled" | i18n }}</p>
-      <button bitButton buttonType="secondary" [bitAction]="reinstate" type="button">
+      <button
+        *ngIf="userOrg.canEditSubscription"
+        bitButton
+        buttonType="secondary"
+        [bitAction]="reinstate"
+        type="button"
+      >
         {{ "reinstateSubscription" | i18n }}
       </button>
     </bit-callout>
@@ -232,28 +238,9 @@
         <button
           bitButton
           buttonType="danger"
-          [bitAction]="cancelWithWarning"
+          (click)="cancelSubscription()"
           type="button"
-          *ngIf="
-            subscription &&
-            !subscription.cancelled &&
-            !subscriptionMarkedForCancel &&
-            !(presentUserWithOffboardingSurvey$ | async)
-          "
-        >
-          {{ "cancelSubscription" | i18n }}
-        </button>
-        <button
-          bitButton
-          buttonType="danger"
-          (click)="cancelWithOffboardingSurvey()"
-          type="button"
-          *ngIf="
-            subscription &&
-            !subscription.cancelled &&
-            !subscriptionMarkedForCancel &&
-            (presentUserWithOffboardingSurvey$ | async)
-          "
+          *ngIf="subscription && !subscription.cancelled && !subscriptionMarkedForCancel"
         >
           {{ "cancelSubscription" | i18n }}
         </button>
diff --git a/apps/web/src/app/billing/organizations/organization-subscription-cloud.component.ts b/apps/web/src/app/billing/organizations/organization-subscription-cloud.component.ts
index 24374ee896..2256a92756 100644
--- a/apps/web/src/app/billing/organizations/organization-subscription-cloud.component.ts
+++ b/apps/web/src/app/billing/organizations/organization-subscription-cloud.component.ts
@@ -1,6 +1,6 @@
 import { Component, OnDestroy, OnInit } from "@angular/core";
 import { ActivatedRoute } from "@angular/router";
-import { concatMap, firstValueFrom, lastValueFrom, Observable, Subject, takeUntil } from "rxjs";
+import { concatMap, firstValueFrom, lastValueFrom, Subject, takeUntil } from "rxjs";
 
 import { ApiService } from "@bitwarden/common/abstractions/api.service";
 import { OrganizationApiServiceAbstraction } from "@bitwarden/common/admin-console/abstractions/organization/organization-api.service.abstraction";
@@ -11,8 +11,6 @@ import { PlanType } from "@bitwarden/common/billing/enums";
 import { OrganizationSubscriptionResponse } from "@bitwarden/common/billing/models/response/organization-subscription.response";
 import { BillingSubscriptionItemResponse } from "@bitwarden/common/billing/models/response/subscription.response";
 import { ProductType } from "@bitwarden/common/enums";
-import { FeatureFlag } from "@bitwarden/common/enums/feature-flag.enum";
-import { ConfigServiceAbstraction as ConfigService } from "@bitwarden/common/platform/abstractions/config/config.service.abstraction";
 import { I18nService } from "@bitwarden/common/platform/abstractions/i18n.service";
 import { LogService } from "@bitwarden/common/platform/abstractions/log.service";
 import { PlatformUtilsService } from "@bitwarden/common/platform/abstractions/platform-utils.service";
@@ -43,7 +41,6 @@ export class OrganizationSubscriptionCloudComponent implements OnInit, OnDestroy
   showSecretsManagerSubscribe = false;
   firstLoaded = false;
   loading: boolean;
-  presentUserWithOffboardingSurvey$: Observable<boolean>;
 
   protected readonly teamsStarter = ProductType.TeamsStarter;
 
@@ -58,7 +55,6 @@ export class OrganizationSubscriptionCloudComponent implements OnInit, OnDestroy
     private organizationApiService: OrganizationApiServiceAbstraction,
     private route: ActivatedRoute,
     private dialogService: DialogService,
-    private configService: ConfigService,
   ) {}
 
   async ngOnInit() {
@@ -78,10 +74,6 @@ export class OrganizationSubscriptionCloudComponent implements OnInit, OnDestroy
         takeUntil(this.destroy$),
       )
       .subscribe();
-
-    this.presentUserWithOffboardingSurvey$ = this.configService.getFeatureFlag$<boolean>(
-      FeatureFlag.AC1607_PresentUserOffboardingSurvey,
-    );
   }
 
   ngOnDestroy() {
@@ -278,7 +270,7 @@ export class OrganizationSubscriptionCloudComponent implements OnInit, OnDestroy
     );
   }
 
-  cancelWithOffboardingSurvey = async () => {
+  cancelSubscription = async () => {
     const reference = openOffboardingSurvey(this.dialogService, {
       data: {
         type: "Organization",
@@ -295,36 +287,6 @@ export class OrganizationSubscriptionCloudComponent implements OnInit, OnDestroy
     await this.load();
   };
 
-  cancelWithWarning = async () => {
-    if (this.loading) {
-      return;
-    }
-
-    const confirmed = await this.dialogService.openSimpleDialog({
-      title: { key: "cancelSubscription" },
-      content: { key: "cancelConfirmation" },
-      type: "warning",
-    });
-
-    if (!confirmed) {
-      return;
-    }
-
-    try {
-      await this.organizationApiService.cancel(this.organizationId);
-      this.platformUtilsService.showToast(
-        "success",
-        null,
-        this.i18nService.t("canceledSubscription"),
-      );
-      // FIXME: Verify that this floating promise is intentional. If it is, add an explanatory comment and ensure there is proper error handling.
-      // eslint-disable-next-line @typescript-eslint/no-floating-promises
-      this.load();
-    } catch (e) {
-      this.logService.error(e);
-    }
-  };
-
   reinstate = async () => {
     if (this.loading) {
       return;
diff --git a/apps/web/src/app/billing/organizations/organization-subscription-selfhost.component.ts b/apps/web/src/app/billing/organizations/organization-subscription-selfhost.component.ts
index 1b66f5400a..081e825bcd 100644
--- a/apps/web/src/app/billing/organizations/organization-subscription-selfhost.component.ts
+++ b/apps/web/src/app/billing/organizations/organization-subscription-selfhost.component.ts
@@ -1,7 +1,7 @@
 import { Component, OnDestroy, OnInit } from "@angular/core";
 import { FormControl, FormGroup } from "@angular/forms";
 import { ActivatedRoute } from "@angular/router";
-import { concatMap, Subject, takeUntil } from "rxjs";
+import { concatMap, firstValueFrom, Subject, takeUntil } from "rxjs";
 
 import { ApiService } from "@bitwarden/common/abstractions/api.service";
 import { OrganizationApiServiceAbstraction } from "@bitwarden/common/admin-console/abstractions/organization/organization-api.service.abstraction";
@@ -82,11 +82,11 @@ export class OrganizationSubscriptionSelfhostComponent implements OnInit, OnDest
     private i18nService: I18nService,
     private environmentService: EnvironmentService,
     private dialogService: DialogService,
-  ) {
-    this.cloudWebVaultUrl = this.environmentService.getCloudWebVaultUrl();
-  }
+  ) {}
 
   async ngOnInit() {
+    this.cloudWebVaultUrl = await firstValueFrom(this.environmentService.cloudWebVaultUrl$);
+
     this.route.params
       .pipe(
         concatMap(async (params) => {
diff --git a/apps/web/src/app/billing/shared/add-credit.component.ts b/apps/web/src/app/billing/shared/add-credit.component.ts
index 57091196bd..71050a9a6e 100644
--- a/apps/web/src/app/billing/shared/add-credit.component.ts
+++ b/apps/web/src/app/billing/shared/add-credit.component.ts
@@ -13,12 +13,16 @@ import { ApiService } from "@bitwarden/common/abstractions/api.service";
 import { OrganizationService } from "@bitwarden/common/admin-console/abstractions/organization/organization.service.abstraction";
 import { PaymentMethodType } from "@bitwarden/common/billing/enums";
 import { BitPayInvoiceRequest } from "@bitwarden/common/billing/models/request/bit-pay-invoice.request";
-import { ConfigServiceAbstraction } from "@bitwarden/common/platform/abstractions/config/config.service.abstraction";
-import { PayPalConfig } from "@bitwarden/common/platform/abstractions/environment.service";
+import { ConfigService } from "@bitwarden/common/platform/abstractions/config/config.service";
 import { LogService } from "@bitwarden/common/platform/abstractions/log.service";
 import { PlatformUtilsService } from "@bitwarden/common/platform/abstractions/platform-utils.service";
 import { StateService } from "@bitwarden/common/platform/abstractions/state.service";
 
+export type PayPalConfig = {
+  businessId?: string;
+  buttonAction?: string;
+};
+
 @Component({
   selector: "app-add-credit",
   templateUrl: "add-credit.component.html",
@@ -53,7 +57,7 @@ export class AddCreditComponent implements OnInit {
     private platformUtilsService: PlatformUtilsService,
     private organizationService: OrganizationService,
     private logService: LogService,
-    private configService: ConfigServiceAbstraction,
+    private configService: ConfigService,
   ) {
     const payPalConfig = process.env.PAYPAL_CONFIG as PayPalConfig;
     this.ppButtonFormAction = payPalConfig.buttonAction;
diff --git a/apps/web/src/app/components/environment-selector/environment-selector.component.html b/apps/web/src/app/components/environment-selector/environment-selector.component.html
index 847830ce60..4be0db2ba4 100644
--- a/apps/web/src/app/components/environment-selector/environment-selector.component.html
+++ b/apps/web/src/app/components/environment-selector/environment-selector.component.html
@@ -1,38 +1,25 @@
 <div class="tw-mb-1" *ngIf="showRegionSelector">
   <bit-menu #environmentOptions>
     <a
+      *ngFor="let region of availableRegions"
       bitMenuItem
       [attr.href]="
-        isUsServer ? 'javascript:void(0)' : 'https://vault.bitwarden.com' + routeAndParams
+        region == currentRegion ? 'javascript:void(0)' : region.urls.webVault + routeAndParams
       "
       class="pr-4"
     >
       <i
         class="bwi bwi-fw bwi-sm bwi-check pb-1"
         aria-hidden="true"
-        [style.visibility]="isUsServer ? 'visible' : 'hidden'"
+        [style.visibility]="region == currentRegion ? 'visible' : 'hidden'"
       ></i>
-      {{ "usDomain" | i18n }}
-    </a>
-    <a
-      bitMenuItem
-      [attr.href]="
-        isEuServer ? 'javascript:void(0)' : 'https://vault.bitwarden.eu' + routeAndParams
-      "
-      class="pr-4"
-    >
-      <i
-        class="bwi bwi-fw bwi-sm bwi-check pb-1"
-        aria-hidden="true"
-        [style.visibility]="isEuServer ? 'visible' : 'hidden'"
-      ></i>
-      {{ "euDomain" | i18n }}
+      {{ region.domain }}
     </a>
   </bit-menu>
   <div>
     {{ "server" | i18n }}:
     <a [routerLink]="[]" [bitMenuTriggerFor]="environmentOptions">
-      <b>{{ isEuServer ? ("euDomain" | i18n) : ("usDomain" | i18n) }}</b
+      <b>{{ currentRegion?.domain }}</b
       ><i class="bwi bwi-fw bwi-sm bwi-angle-down" aria-hidden="true"></i>
     </a>
   </div>
diff --git a/apps/web/src/app/components/environment-selector/environment-selector.component.ts b/apps/web/src/app/components/environment-selector/environment-selector.component.ts
index 2e82e383b6..132b68c6e2 100644
--- a/apps/web/src/app/components/environment-selector/environment-selector.component.ts
+++ b/apps/web/src/app/components/environment-selector/environment-selector.component.ts
@@ -1,7 +1,10 @@
 import { Component, OnInit } from "@angular/core";
 import { Router } from "@angular/router";
 
-import { RegionDomain } from "@bitwarden/common/platform/abstractions/environment.service";
+import {
+  EnvironmentService,
+  RegionConfig,
+} from "@bitwarden/common/platform/abstractions/environment.service";
 import { PlatformUtilsService } from "@bitwarden/common/platform/abstractions/platform-utils.service";
 import { Utils } from "@bitwarden/common/platform/misc/utils";
 
@@ -12,19 +15,21 @@ import { Utils } from "@bitwarden/common/platform/misc/utils";
 export class EnvironmentSelectorComponent implements OnInit {
   constructor(
     private platformUtilsService: PlatformUtilsService,
+    private environmentService: EnvironmentService,
     private router: Router,
   ) {}
 
-  isEuServer: boolean;
-  isUsServer: boolean;
-  showRegionSelector = false;
-  routeAndParams: string;
+  protected availableRegions = this.environmentService.availableRegions();
+  protected currentRegion?: RegionConfig;
+
+  protected showRegionSelector = false;
+  protected routeAndParams: string;
 
   async ngOnInit() {
-    const domain = Utils.getDomain(window.location.href);
-    this.isEuServer = domain.includes(RegionDomain.EU);
-    this.isUsServer = domain.includes(RegionDomain.US) || domain.includes(RegionDomain.USQA);
     this.showRegionSelector = !this.platformUtilsService.isSelfHost();
     this.routeAndParams = `/#${this.router.url}`;
+
+    const host = Utils.getHost(window.location.href);
+    this.currentRegion = this.availableRegions.find((r) => Utils.getHost(r.urls.webVault) === host);
   }
 }
diff --git a/apps/web/src/app/core/core.module.ts b/apps/web/src/app/core/core.module.ts
index f44ab9f09d..bd514b1d18 100644
--- a/apps/web/src/app/core/core.module.ts
+++ b/apps/web/src/app/core/core.module.ts
@@ -11,11 +11,12 @@ import {
   OBSERVABLE_MEMORY_STORAGE,
   OBSERVABLE_DISK_STORAGE,
   OBSERVABLE_DISK_LOCAL_STORAGE,
+  WINDOW,
 } from "@bitwarden/angular/services/injection-tokens";
 import { JslibServicesModule } from "@bitwarden/angular/services/jslib-services.module";
 import { ModalService as ModalServiceAbstraction } from "@bitwarden/angular/services/modal.service";
-import { LoginService as LoginServiceAbstraction } from "@bitwarden/common/auth/abstractions/login.service";
-import { LoginService } from "@bitwarden/common/auth/services/login.service";
+import { AccountService } from "@bitwarden/common/auth/abstractions/account.service";
+import { EnvironmentService } from "@bitwarden/common/platform/abstractions/environment.service";
 import { FileDownloadService } from "@bitwarden/common/platform/abstractions/file-download/file-download.service";
 import { I18nService as I18nServiceAbstraction } from "@bitwarden/common/platform/abstractions/i18n.service";
 import { LogService } from "@bitwarden/common/platform/abstractions/log.service";
@@ -26,11 +27,12 @@ import { AbstractStorageService } from "@bitwarden/common/platform/abstractions/
 import { ThemeType } from "@bitwarden/common/platform/enums";
 import { StateFactory } from "@bitwarden/common/platform/factories/state-factory";
 import { MemoryStorageService } from "@bitwarden/common/platform/services/memory-storage.service";
+// eslint-disable-next-line import/no-restricted-paths -- Implementation for memory storage
 import { MigrationBuilderService } from "@bitwarden/common/platform/services/migration-builder.service";
 import { MigrationRunner } from "@bitwarden/common/platform/services/migration-runner";
-/* eslint-disable import/no-restricted-paths -- Implementation for memory storage */
 import { StorageServiceProvider } from "@bitwarden/common/platform/services/storage-service.provider";
-import { GlobalStateProvider } from "@bitwarden/common/platform/state";
+/* eslint-disable import/no-restricted-paths -- Implementation for memory storage */
+import { GlobalStateProvider, StateProvider } from "@bitwarden/common/platform/state";
 import { MemoryStorageService as MemoryStorageServiceForStateProviders } from "@bitwarden/common/platform/state/storage/memory-storage.service";
 /* eslint-enable import/no-restricted-paths -- Implementation for memory storage */
 import {
@@ -41,6 +43,7 @@ import {
 import { PolicyListService } from "../admin-console/core/policy-list.service";
 import { HtmlStorageService } from "../core/html-storage.service";
 import { I18nService } from "../core/i18n.service";
+import { WebEnvironmentService } from "../platform/web-environment.service";
 import { WebMigrationRunner } from "../platform/web-migration-runner";
 import { WebStorageServiceProvider } from "../platform/web-storage-service.provider";
 import { WindowStorageService } from "../platform/window-storage.service";
@@ -113,11 +116,6 @@ import { WebPlatformUtilsService } from "./web-platform-utils.service";
       provide: FileDownloadService,
       useClass: WebFileDownloadService,
     },
-    {
-      provide: LoginServiceAbstraction,
-      useClass: LoginService,
-      deps: [StateService],
-    },
     CollectionAdminService,
     {
       provide: OBSERVABLE_DISK_LOCAL_STORAGE,
@@ -138,6 +136,11 @@ import { WebPlatformUtilsService } from "./web-platform-utils.service";
         OBSERVABLE_DISK_LOCAL_STORAGE,
       ],
     },
+    {
+      provide: EnvironmentService,
+      useClass: WebEnvironmentService,
+      deps: [WINDOW, StateProvider, AccountService],
+    },
     {
       provide: ThemeStateService,
       useFactory: (globalStateProvider: GlobalStateProvider) =>
diff --git a/apps/web/src/app/core/init.service.ts b/apps/web/src/app/core/init.service.ts
index 3d940f3596..d5576d3bf7 100644
--- a/apps/web/src/app/core/init.service.ts
+++ b/apps/web/src/app/core/init.service.ts
@@ -8,13 +8,8 @@ import { NotificationsService as NotificationsServiceAbstraction } from "@bitwar
 import { TwoFactorService as TwoFactorServiceAbstraction } from "@bitwarden/common/auth/abstractions/two-factor.service";
 import { CryptoService as CryptoServiceAbstraction } from "@bitwarden/common/platform/abstractions/crypto.service";
 import { EncryptService } from "@bitwarden/common/platform/abstractions/encrypt.service";
-import {
-  EnvironmentService as EnvironmentServiceAbstraction,
-  Urls,
-} from "@bitwarden/common/platform/abstractions/environment.service";
 import { I18nService as I18nServiceAbstraction } from "@bitwarden/common/platform/abstractions/i18n.service";
 import { StateService as StateServiceAbstraction } from "@bitwarden/common/platform/abstractions/state.service";
-import { ConfigService } from "@bitwarden/common/platform/services/config/config.service";
 import { ContainerService } from "@bitwarden/common/platform/services/container.service";
 import { EventUploadService } from "@bitwarden/common/services/event/event-upload.service";
 import { VaultTimeoutService } from "@bitwarden/common/services/vault-timeout/vault-timeout.service";
@@ -23,7 +18,6 @@ import { VaultTimeoutService } from "@bitwarden/common/services/vault-timeout/va
 export class InitService {
   constructor(
     @Inject(WINDOW) private win: Window,
-    private environmentService: EnvironmentServiceAbstraction,
     private notificationsService: NotificationsServiceAbstraction,
     private vaultTimeoutService: VaultTimeoutService,
     private i18nService: I18nServiceAbstraction,
@@ -33,7 +27,6 @@ export class InitService {
     private cryptoService: CryptoServiceAbstraction,
     private themingService: AbstractThemingService,
     private encryptService: EncryptService,
-    private configService: ConfigService,
     @Inject(DOCUMENT) private document: Document,
   ) {}
 
@@ -41,13 +34,6 @@ export class InitService {
     return async () => {
       await this.stateService.init();
 
-      const urls = process.env.URLS as Urls;
-      urls.base ??= this.win.location.origin;
-      await this.environmentService.setUrls(urls);
-      // Workaround to ignore stateService.activeAccount until process.env.URLS are set
-      // TODO: Remove this when implementing ticket PM-2637
-      this.environmentService.initialized = true;
-
       setTimeout(() => this.notificationsService.init(), 3000);
       await this.vaultTimeoutService.init(true);
       await this.i18nService.init();
@@ -58,8 +44,6 @@ export class InitService {
       this.themingService.applyThemeChangesTo(this.document);
       const containerService = new ContainerService(this.cryptoService, this.encryptService);
       containerService.attachToGlobal(this.win);
-
-      this.configService.init();
     };
   }
 }
diff --git a/apps/web/src/app/layouts/user-layout.component.ts b/apps/web/src/app/layouts/user-layout.component.ts
index 2e1813697e..ee30bed0d6 100644
--- a/apps/web/src/app/layouts/user-layout.component.ts
+++ b/apps/web/src/app/layouts/user-layout.component.ts
@@ -9,7 +9,7 @@ import { OrganizationService } from "@bitwarden/common/admin-console/abstraction
 import { BillingAccountProfileStateService } from "@bitwarden/common/billing/abstractions/account/billing-account-profile-state.service";
 import { FeatureFlag } from "@bitwarden/common/enums/feature-flag.enum";
 import { BroadcasterService } from "@bitwarden/common/platform/abstractions/broadcaster.service";
-import { ConfigServiceAbstraction as ConfigService } from "@bitwarden/common/platform/abstractions/config/config.service.abstraction";
+import { ConfigService } from "@bitwarden/common/platform/abstractions/config/config.service";
 import { PlatformUtilsService } from "@bitwarden/common/platform/abstractions/platform-utils.service";
 import { SyncService } from "@bitwarden/common/vault/abstractions/sync/sync.service.abstraction";
 import { IconModule, LayoutComponent, NavigationModule } from "@bitwarden/components";
diff --git a/apps/web/src/app/platform/web-environment.service.ts b/apps/web/src/app/platform/web-environment.service.ts
new file mode 100644
index 0000000000..c2eb37eea5
--- /dev/null
+++ b/apps/web/src/app/platform/web-environment.service.ts
@@ -0,0 +1,62 @@
+import { ReplaySubject } from "rxjs";
+
+import { AccountService } from "@bitwarden/common/auth/abstractions/account.service";
+import {
+  Environment,
+  Region,
+  RegionConfig,
+  Urls,
+} from "@bitwarden/common/platform/abstractions/environment.service";
+import { Utils } from "@bitwarden/common/platform/misc/utils";
+import {
+  CloudEnvironment,
+  DefaultEnvironmentService,
+  SelfHostedEnvironment,
+} from "@bitwarden/common/platform/services/default-environment.service";
+import { StateProvider } from "@bitwarden/common/platform/state";
+
+/**
+ * Web specific environment service. Ensures that the urls are set from the window location.
+ */
+export class WebEnvironmentService extends DefaultEnvironmentService {
+  constructor(
+    private win: Window,
+    stateProvider: StateProvider,
+    accountService: AccountService,
+  ) {
+    super(stateProvider, accountService);
+
+    // The web vault always uses the current location as the base url
+    const urls = process.env.URLS as Urls;
+    urls.base ??= this.win.location.origin;
+
+    // Find the region
+    const domain = Utils.getDomain(this.win.location.href);
+    const region = this.availableRegions().find((r) => Utils.getDomain(r.urls.webVault) === domain);
+
+    let environment: Environment;
+    if (region) {
+      environment = new WebCloudEnvironment(region, urls);
+    } else {
+      environment = new SelfHostedEnvironment(urls);
+    }
+
+    // Override the environment observable with a replay subject
+    const subject = new ReplaySubject<Environment>(1);
+    subject.next(environment);
+    this.environment$ = subject.asObservable();
+  }
+
+  // Web cannot set environment
+  async setEnvironment(region: Region, urls?: Urls): Promise<Urls> {
+    return;
+  }
+}
+
+class WebCloudEnvironment extends CloudEnvironment {
+  constructor(config: RegionConfig, urls: Urls) {
+    super(config);
+    // We override the urls to avoid CORS issues
+    this.urls = urls;
+  }
+}
diff --git a/apps/web/src/app/platform/web-migration-runner.ts b/apps/web/src/app/platform/web-migration-runner.ts
index e8f44f7f41..4bd1d2d4b5 100644
--- a/apps/web/src/app/platform/web-migration-runner.ts
+++ b/apps/web/src/app/platform/web-migration-runner.ts
@@ -46,7 +46,7 @@ class WebMigrationHelper extends MigrationHelper {
     storageService: WindowStorageService,
     logService: LogService,
   ) {
-    super(currentVersion, storageService, logService);
+    super(currentVersion, storageService, logService, "web-disk-local");
     this.diskLocalStorageService = storageService;
   }
 
diff --git a/apps/web/src/app/tools/vault-export/export.component.html b/apps/web/src/app/tools/vault-export/export.component.html
index 8ed82b9fd9..9f47adf8aa 100644
--- a/apps/web/src/app/tools/vault-export/export.component.html
+++ b/apps/web/src/app/tools/vault-export/export.component.html
@@ -5,10 +5,10 @@
     <bit-callout type="danger" title="{{ 'vaultExportDisabled' | i18n }}" *ngIf="disabledByPolicy">
       {{ "personalVaultExportPolicyInEffect" | i18n }}
     </bit-callout>
-    <app-export-scope-callout
+    <tools-export-scope-callout
       [organizationId]="organizationId"
       *ngIf="!disabledByPolicy"
-    ></app-export-scope-callout>
+    ></tools-export-scope-callout>
 
     <ng-container *ngIf="organizations$ | async as organizations">
       <bit-form-field *ngIf="organizations.length > 0">
diff --git a/apps/web/src/app/tools/vault-export/export.component.ts b/apps/web/src/app/tools/vault-export/export.component.ts
index 8b14092f20..4fdd3ff9e0 100644
--- a/apps/web/src/app/tools/vault-export/export.component.ts
+++ b/apps/web/src/app/tools/vault-export/export.component.ts
@@ -1,7 +1,6 @@
 import { Component } from "@angular/core";
 import { UntypedFormBuilder } from "@angular/forms";
 
-import { ExportComponent as BaseExportComponent } from "@bitwarden/angular/tools/export/components/export.component";
 import { UserVerificationDialogComponent } from "@bitwarden/auth/angular";
 import { EventCollectionService } from "@bitwarden/common/abstractions/event/event-collection.service";
 import { OrganizationService } from "@bitwarden/common/admin-console/abstractions/organization/organization.service.abstraction";
@@ -13,6 +12,7 @@ import { LogService } from "@bitwarden/common/platform/abstractions/log.service"
 import { PlatformUtilsService } from "@bitwarden/common/platform/abstractions/platform-utils.service";
 import { DialogService } from "@bitwarden/components";
 import { VaultExportServiceAbstraction } from "@bitwarden/vault-export-core";
+import { ExportComponent as BaseExportComponent } from "@bitwarden/vault-export-ui";
 
 @Component({
   selector: "app-export",
@@ -95,7 +95,6 @@ export class ExportComponent extends BaseExportComponent {
     }
 
     const result = await UserVerificationDialogComponent.open(this.dialogService, {
-      clientSideOnlyVerification: true,
       title: "confirmVaultExport",
       bodyText: confirmDescription,
       confirmButtonOptions: {
diff --git a/apps/web/src/app/tools/vault-export/export.module.ts b/apps/web/src/app/tools/vault-export/export.module.ts
index aca8bdbd4e..ddf82b0a10 100644
--- a/apps/web/src/app/tools/vault-export/export.module.ts
+++ b/apps/web/src/app/tools/vault-export/export.module.ts
@@ -1,12 +1,14 @@
 import { NgModule } from "@angular/core";
 
+import { ExportScopeCalloutComponent } from "@bitwarden/vault-export-ui";
+
 import { LooseComponentsModule, SharedModule } from "../../shared";
 
 import { ExportRoutingModule } from "./export-routing.module";
 import { ExportComponent } from "./export.component";
 
 @NgModule({
-  imports: [SharedModule, LooseComponentsModule, ExportRoutingModule],
+  imports: [SharedModule, LooseComponentsModule, ExportRoutingModule, ExportScopeCalloutComponent],
   declarations: [ExportComponent],
 })
 export class ExportModule {}
diff --git a/apps/web/src/app/vault/components/collection-dialog/collection-dialog.component.ts b/apps/web/src/app/vault/components/collection-dialog/collection-dialog.component.ts
index 357d2217e4..722ab972fc 100644
--- a/apps/web/src/app/vault/components/collection-dialog/collection-dialog.component.ts
+++ b/apps/web/src/app/vault/components/collection-dialog/collection-dialog.component.ts
@@ -18,7 +18,7 @@ import { OrganizationService } from "@bitwarden/common/admin-console/abstraction
 import { OrganizationUserService } from "@bitwarden/common/admin-console/abstractions/organization-user/organization-user.service";
 import { Organization } from "@bitwarden/common/admin-console/models/domain/organization";
 import { FeatureFlag } from "@bitwarden/common/enums/feature-flag.enum";
-import { ConfigServiceAbstraction } from "@bitwarden/common/platform/abstractions/config/config.service.abstraction";
+import { ConfigService } from "@bitwarden/common/platform/abstractions/config/config.service";
 import { I18nService } from "@bitwarden/common/platform/abstractions/i18n.service";
 import { PlatformUtilsService } from "@bitwarden/common/platform/abstractions/platform-utils.service";
 import { Utils } from "@bitwarden/common/platform/misc/utils";
@@ -107,7 +107,7 @@ export class CollectionDialogComponent implements OnInit, OnDestroy {
     private i18nService: I18nService,
     private platformUtilsService: PlatformUtilsService,
     private organizationUserService: OrganizationUserService,
-    private configService: ConfigServiceAbstraction,
+    private configService: ConfigService,
     private dialogService: DialogService,
     private changeDetectorRef: ChangeDetectorRef,
   ) {
diff --git a/apps/web/src/app/vault/components/vault-items/vault-item-event.ts b/apps/web/src/app/vault/components/vault-items/vault-item-event.ts
index b12076e359..f1f5cbc8c0 100644
--- a/apps/web/src/app/vault/components/vault-items/vault-item-event.ts
+++ b/apps/web/src/app/vault/components/vault-items/vault-item-event.ts
@@ -15,4 +15,5 @@ export type VaultItemEvent =
   | { type: "delete"; items: VaultItem[] }
   | { type: "copyField"; item: CipherView; field: "username" | "password" | "totp" }
   | { type: "moveToFolder"; items: CipherView[] }
-  | { type: "moveToOrganization"; items: CipherView[] };
+  | { type: "moveToOrganization"; items: CipherView[] }
+  | { type: "assignToCollections"; items: CipherView[] };
diff --git a/apps/web/src/app/vault/components/vault-items/vault-items.component.html b/apps/web/src/app/vault/components/vault-items/vault-items.component.html
index ee284d0517..c63273fabd 100644
--- a/apps/web/src/app/vault/components/vault-items/vault-items.component.html
+++ b/apps/web/src/app/vault/components/vault-items/vault-items.component.html
@@ -46,6 +46,15 @@
               <i class="bwi bwi-fw bwi-users" aria-hidden="true"></i>
               {{ "access" | i18n }}
             </button>
+            <button
+              *ngIf="showAdminActions && bulkAssignToCollectionsAllowed"
+              type="button"
+              bitMenuItem
+              (click)="assignToCollections()"
+            >
+              <i class="bwi bwi-fw bwi-collection" aria-hidden="true"></i>
+              {{ "assignToCollections" | i18n }}
+            </button>
             <button
               *ngIf="bulkMoveAllowed"
               type="button"
diff --git a/apps/web/src/app/vault/components/vault-items/vault-items.component.ts b/apps/web/src/app/vault/components/vault-items/vault-items.component.ts
index 7443e99ceb..7a8e858ba5 100644
--- a/apps/web/src/app/vault/components/vault-items/vault-items.component.ts
+++ b/apps/web/src/app/vault/components/vault-items/vault-items.component.ts
@@ -37,11 +37,12 @@ export class VaultItemsComponent {
   @Input() showBulkMove: boolean;
   @Input() showBulkTrashOptions: boolean;
   // Encompasses functionality only available from the organization vault context
-  @Input() showAdminActions: boolean;
+  @Input() showAdminActions = false;
   @Input() allOrganizations: Organization[] = [];
   @Input() allCollections: CollectionView[] = [];
   @Input() allGroups: GroupView[] = [];
   @Input() showBulkEditCollectionAccess = false;
+  @Input() showBulkAddToCollections = false;
   @Input() showPermissionsColumn = false;
   @Input() viewingOrgVault: boolean;
 
@@ -89,6 +90,10 @@ export class VaultItemsComponent {
     );
   }
 
+  get bulkAssignToCollectionsAllowed() {
+    return this.showBulkAddToCollections && this.ciphers.length > 0;
+  }
+
   protected canEditCollection(collection: CollectionView): boolean {
     // Only allow allow deletion if collection editing is enabled and not deleting "Unassigned"
     if (collection.id === Unassigned) {
@@ -182,4 +187,13 @@ export class VaultItemsComponent {
         .map((item) => item.collection),
     });
   }
+
+  protected assignToCollections() {
+    this.event({
+      type: "assignToCollections",
+      items: this.selection.selected
+        .filter((item) => item.cipher !== undefined)
+        .map((item) => item.cipher),
+    });
+  }
 }
diff --git a/apps/web/src/app/vault/components/vault-items/vault-items.stories.ts b/apps/web/src/app/vault/components/vault-items/vault-items.stories.ts
index 05659de073..ad80c9f4e5 100644
--- a/apps/web/src/app/vault/components/vault-items/vault-items.stories.ts
+++ b/apps/web/src/app/vault/components/vault-items/vault-items.stories.ts
@@ -8,7 +8,7 @@ import { Organization } from "@bitwarden/common/admin-console/models/domain/orga
 import { AvatarService } from "@bitwarden/common/auth/abstractions/avatar.service";
 import { TokenService } from "@bitwarden/common/auth/abstractions/token.service";
 import { DomainSettingsService } from "@bitwarden/common/autofill/services/domain-settings.service";
-import { ConfigServiceAbstraction } from "@bitwarden/common/platform/abstractions/config/config.service.abstraction";
+import { ConfigService } from "@bitwarden/common/platform/abstractions/config/config.service";
 import { EnvironmentService } from "@bitwarden/common/platform/abstractions/environment.service";
 import { StateService } from "@bitwarden/common/platform/abstractions/state.service";
 import { SymmetricCryptoKey } from "@bitwarden/common/platform/models/domain/symmetric-crypto-key";
@@ -92,7 +92,7 @@ export default {
           } as Partial<TokenService>,
         },
         {
-          provide: ConfigServiceAbstraction,
+          provide: ConfigService,
           useValue: {
             getFeatureFlag() {
               // does not currently affect any display logic, default all to OFF
diff --git a/apps/web/src/app/vault/individual-vault/add-edit.component.html b/apps/web/src/app/vault/individual-vault/add-edit.component.html
index 12b41f181d..85075acfdd 100644
--- a/apps/web/src/app/vault/individual-vault/add-edit.component.html
+++ b/apps/web/src/app/vault/individual-vault/add-edit.component.html
@@ -192,11 +192,11 @@
             </div>
           </div>
           <ng-container *ngIf="cipher.login.hasFido2Credentials">
-            <div class="row">
-              <div class="col-6 form-group">
+            <div class="tw-flex tw-flex-row">
+              <div class="tw-mb-4 tw-w-1/2">
                 <label for="loginFido2credential">{{ "typePasskey" | i18n }}</label>
                 <div
-                  class="input-group"
+                  class="tw-flex tw-flex-row"
                   tabindex="0"
                   attr.aria-label="{{ 'typePasskey' | i18n }} {{
                     fido2CredentialCreationDateValue
@@ -212,6 +212,15 @@
                     disabled
                     readonly
                   />
+                  <button
+                    type="button"
+                    class="tw-items-center tw-border-none tw-bg-transparent tw-text-danger tw-ml-3"
+                    appA11yTitle="{{ 'removePasskey' | i18n }}"
+                    (click)="removePasskey()"
+                    *ngIf="!cipher.isDeleted && !viewOnly"
+                  >
+                    <i class="bwi bwi-lg bwi-minus-circle"></i>
+                  </button>
                 </div>
               </div>
             </div>
diff --git a/apps/web/src/app/vault/individual-vault/add-edit.component.ts b/apps/web/src/app/vault/individual-vault/add-edit.component.ts
index 8332b7e95f..56f18c4a3b 100644
--- a/apps/web/src/app/vault/individual-vault/add-edit.component.ts
+++ b/apps/web/src/app/vault/individual-vault/add-edit.component.ts
@@ -9,7 +9,7 @@ import { OrganizationService } from "@bitwarden/common/admin-console/abstraction
 import { PolicyService } from "@bitwarden/common/admin-console/abstractions/policy/policy.service.abstraction";
 import { BillingAccountProfileStateService } from "@bitwarden/common/billing/abstractions/account/billing-account-profile-state.service";
 import { EventType, ProductType } from "@bitwarden/common/enums";
-import { ConfigServiceAbstraction } from "@bitwarden/common/platform/abstractions/config/config.service.abstraction";
+import { ConfigService } from "@bitwarden/common/platform/abstractions/config/config.service";
 import { I18nService } from "@bitwarden/common/platform/abstractions/i18n.service";
 import { LogService } from "@bitwarden/common/platform/abstractions/log.service";
 import { MessagingService } from "@bitwarden/common/platform/abstractions/messaging.service";
@@ -65,7 +65,7 @@ export class AddEditComponent extends BaseAddEditComponent implements OnInit, On
     sendApiService: SendApiService,
     dialogService: DialogService,
     datePipe: DatePipe,
-    configService: ConfigServiceAbstraction,
+    configService: ConfigService,
     private billingAccountProfileStateService: BillingAccountProfileStateService,
   ) {
     super(
diff --git a/apps/web/src/app/vault/individual-vault/collections.component.html b/apps/web/src/app/vault/individual-vault/collections.component.html
index 603e899c11..46bd94b316 100644
--- a/apps/web/src/app/vault/individual-vault/collections.component.html
+++ b/apps/web/src/app/vault/individual-vault/collections.component.html
@@ -40,6 +40,7 @@
                   [(ngModel)]="$any(c).checked"
                   name="Collection[{{ i }}].Checked"
                   appStopProp
+                  [disabled]="!c.canEditItems(this.organization, this.flexibleCollectionsV1Enabled)"
                 />
               </td>
               <td>
diff --git a/apps/web/src/app/vault/individual-vault/collections.component.ts b/apps/web/src/app/vault/individual-vault/collections.component.ts
index 29e6293c99..6cf0901f33 100644
--- a/apps/web/src/app/vault/individual-vault/collections.component.ts
+++ b/apps/web/src/app/vault/individual-vault/collections.component.ts
@@ -1,6 +1,7 @@
 import { Component, OnDestroy } from "@angular/core";
 
 import { CollectionsComponent as BaseCollectionsComponent } from "@bitwarden/angular/admin-console/components/collections.component";
+import { OrganizationService } from "@bitwarden/common/admin-console/abstractions/organization/organization.service.abstraction";
 import { I18nService } from "@bitwarden/common/platform/abstractions/i18n.service";
 import { LogService } from "@bitwarden/common/platform/abstractions/log.service";
 import { PlatformUtilsService } from "@bitwarden/common/platform/abstractions/platform-utils.service";
@@ -18,9 +19,17 @@ export class CollectionsComponent extends BaseCollectionsComponent implements On
     platformUtilsService: PlatformUtilsService,
     i18nService: I18nService,
     cipherService: CipherService,
+    organizationSerivce: OrganizationService,
     logService: LogService,
   ) {
-    super(collectionService, platformUtilsService, i18nService, cipherService, logService);
+    super(
+      collectionService,
+      platformUtilsService,
+      i18nService,
+      cipherService,
+      organizationSerivce,
+      logService,
+    );
   }
 
   ngOnDestroy() {
@@ -28,6 +37,9 @@ export class CollectionsComponent extends BaseCollectionsComponent implements On
   }
 
   check(c: CollectionView, select?: boolean) {
+    if (!c.canEditItems(this.organization, this.flexibleCollectionsV1Enabled)) {
+      return;
+    }
     (c as any).checked = select == null ? !(c as any).checked : select;
   }
 
diff --git a/apps/web/src/app/vault/individual-vault/vault-filter/components/organization-options.component.ts b/apps/web/src/app/vault/individual-vault/vault-filter/components/organization-options.component.ts
index b7cb33d97e..fa81abdc54 100644
--- a/apps/web/src/app/vault/individual-vault/vault-filter/components/organization-options.component.ts
+++ b/apps/web/src/app/vault/individual-vault/vault-filter/components/organization-options.component.ts
@@ -1,6 +1,7 @@
 import { Component, Inject, OnDestroy, OnInit } from "@angular/core";
 import { combineLatest, map, Observable, Subject, takeUntil } from "rxjs";
 
+import { UserDecryptionOptionsServiceAbstraction } from "@bitwarden/auth/common";
 import { ApiService } from "@bitwarden/common/abstractions/api.service";
 import { OrganizationApiServiceAbstraction } from "@bitwarden/common/admin-console/abstractions/organization/organization-api.service.abstraction";
 import { OrganizationUserService } from "@bitwarden/common/admin-console/abstractions/organization-user/organization-user.service";
@@ -12,7 +13,6 @@ import { Policy } from "@bitwarden/common/admin-console/models/domain/policy";
 import { I18nService } from "@bitwarden/common/platform/abstractions/i18n.service";
 import { LogService } from "@bitwarden/common/platform/abstractions/log.service";
 import { PlatformUtilsService } from "@bitwarden/common/platform/abstractions/platform-utils.service";
-import { StateService } from "@bitwarden/common/platform/abstractions/state.service";
 import { SyncService } from "@bitwarden/common/vault/abstractions/sync/sync.service.abstraction";
 import { DialogService } from "@bitwarden/components";
 
@@ -44,8 +44,8 @@ export class OrganizationOptionsComponent implements OnInit, OnDestroy {
     private logService: LogService,
     private organizationApiService: OrganizationApiServiceAbstraction,
     private organizationUserService: OrganizationUserService,
+    private userDecryptionOptionsService: UserDecryptionOptionsServiceAbstraction,
     private dialogService: DialogService,
-    private stateService: StateService,
   ) {}
 
   async ngOnInit() {
@@ -56,7 +56,7 @@ export class OrganizationOptionsComponent implements OnInit, OnDestroy {
     combineLatest([
       this.organization$,
       resetPasswordPolicies$,
-      this.stateService.getAccountDecryptionOptions(),
+      this.userDecryptionOptionsService.userDecryptionOptions$,
     ])
       .pipe(takeUntil(this.destroy$))
       .subscribe(([organization, resetPasswordPolicies, decryptionOptions]) => {
diff --git a/apps/web/src/app/vault/individual-vault/vault-filter/services/abstractions/vault-filter.service.ts b/apps/web/src/app/vault/individual-vault/vault-filter/services/abstractions/vault-filter.service.ts
index 72be67f7a0..3f8a0fb99d 100644
--- a/apps/web/src/app/vault/individual-vault/vault-filter/services/abstractions/vault-filter.service.ts
+++ b/apps/web/src/app/vault/individual-vault/vault-filter/services/abstractions/vault-filter.service.ts
@@ -5,6 +5,7 @@ import { CollectionView } from "@bitwarden/common/src/vault/models/view/collecti
 import { FolderView } from "@bitwarden/common/src/vault/models/view/folder.view";
 import { TreeNode } from "@bitwarden/common/vault/models/domain/tree-node";
 
+import { CollectionAdminView } from "../../../../core/views/collection-admin.view";
 import {
   CipherTypeFilter,
   CollectionFilter,
@@ -20,7 +21,6 @@ export abstract class VaultFilterService {
   folderTree$: Observable<TreeNode<FolderFilter>>;
   collectionTree$: Observable<TreeNode<CollectionFilter>>;
   cipherTypeTree$: Observable<TreeNode<CipherTypeFilter>>;
-  reloadCollections: (collections: CollectionView[]) => void;
   getCollectionNodeFromTree: (id: string) => Promise<TreeNode<CollectionFilter>>;
   setCollapsedFilterNodes: (collapsedFilterNodes: Set<string>) => Promise<void>;
   expandOrgFilter: () => Promise<void>;
@@ -30,4 +30,6 @@ export abstract class VaultFilterService {
     head: CipherTypeFilter,
     array: CipherTypeFilter[],
   ) => Observable<TreeNode<CipherTypeFilter>>;
+  // TODO: Remove this from org vault when collection admin service adopts state management
+  reloadCollections?: (collections: CollectionAdminView[]) => void;
 }
diff --git a/apps/web/src/app/vault/individual-vault/vault-filter/services/vault-filter.service.spec.ts b/apps/web/src/app/vault/individual-vault/vault-filter/services/vault-filter.service.spec.ts
index 511da100b5..e5938b5197 100644
--- a/apps/web/src/app/vault/individual-vault/vault-filter/services/vault-filter.service.spec.ts
+++ b/apps/web/src/app/vault/individual-vault/vault-filter/services/vault-filter.service.spec.ts
@@ -15,6 +15,7 @@ import { I18nService } from "@bitwarden/common/platform/abstractions/i18n.servic
 import { Utils } from "@bitwarden/common/platform/misc/utils";
 import { UserId } from "@bitwarden/common/types/guid";
 import { CipherService } from "@bitwarden/common/vault/abstractions/cipher.service";
+import { CollectionService } from "@bitwarden/common/vault/abstractions/collection.service";
 import { FolderService } from "@bitwarden/common/vault/abstractions/folder/folder.service.abstraction";
 import { CipherView } from "@bitwarden/common/vault/models/view/cipher.view";
 import { CollectionView } from "@bitwarden/common/vault/models/view/collection.view";
@@ -31,8 +32,10 @@ describe("vault filter service", () => {
   let cipherService: MockProxy<CipherService>;
   let policyService: MockProxy<PolicyService>;
   let i18nService: MockProxy<I18nService>;
+  let collectionService: MockProxy<CollectionService>;
   let organizations: ReplaySubject<Organization[]>;
   let folderViews: ReplaySubject<FolderView[]>;
+  let collectionViews: ReplaySubject<CollectionView[]>;
   let stateProvider: FakeStateProvider;
 
   const mockUserId = Utils.newGuid() as UserId;
@@ -48,12 +51,15 @@ describe("vault filter service", () => {
     accountService = mockAccountServiceWith(mockUserId);
     stateProvider = new FakeStateProvider(accountService);
     i18nService.collator = new Intl.Collator("en-US");
+    collectionService = mock<CollectionService>();
 
     organizations = new ReplaySubject<Organization[]>(1);
     folderViews = new ReplaySubject<FolderView[]>(1);
+    collectionViews = new ReplaySubject<CollectionView[]>(1);
 
     organizationService.memberOrganizations$ = organizations;
     folderService.folderViews$ = folderViews;
+    collectionService.decryptedCollections$ = collectionViews;
 
     vaultFilterService = new VaultFilterService(
       organizationService,
@@ -62,6 +68,7 @@ describe("vault filter service", () => {
       policyService,
       i18nService,
       stateProvider,
+      collectionService,
     );
     collapsedGroupingsState = stateProvider.activeUser.getFake(COLLAPSED_GROUPINGS);
   });
@@ -196,9 +203,7 @@ describe("vault filter service", () => {
           createCollectionView("1", "collection 1", "org test id"),
           createCollectionView("2", "collection 2", "non matching org id"),
         ];
-        // FIXME: Verify that this floating promise is intentional. If it is, add an explanatory comment and ensure there is proper error handling.
-        // eslint-disable-next-line @typescript-eslint/no-floating-promises
-        vaultFilterService.reloadCollections(storedCollections);
+        collectionViews.next(storedCollections);
 
         await expect(firstValueFrom(vaultFilterService.filteredCollections$)).resolves.toEqual([
           createCollectionView("1", "collection 1", "org test id"),
@@ -213,9 +218,7 @@ describe("vault filter service", () => {
           createCollectionView("id-2", "Collection 1/Collection 2", "org test id"),
           createCollectionView("id-3", "Collection 1/Collection 3", "org test id"),
         ];
-        // FIXME: Verify that this floating promise is intentional. If it is, add an explanatory comment and ensure there is proper error handling.
-        // eslint-disable-next-line @typescript-eslint/no-floating-promises
-        vaultFilterService.reloadCollections(storedCollections);
+        collectionViews.next(storedCollections);
 
         const result = await firstValueFrom(vaultFilterService.collectionTree$);
 
@@ -228,9 +231,7 @@ describe("vault filter service", () => {
           createCollectionView("id-1", "Collection 1", "org test id"),
           createCollectionView("id-3", "Collection 1/Collection 2/Collection 3", "org test id"),
         ];
-        // FIXME: Verify that this floating promise is intentional. If it is, add an explanatory comment and ensure there is proper error handling.
-        // eslint-disable-next-line @typescript-eslint/no-floating-promises
-        vaultFilterService.reloadCollections(storedCollections);
+        collectionViews.next(storedCollections);
 
         const result = await firstValueFrom(vaultFilterService.collectionTree$);
 
@@ -246,9 +247,7 @@ describe("vault filter service", () => {
           createCollectionView("id-3", "Collection 1/Collection 2/Collection 3", "org test id"),
           createCollectionView("id-4", "Collection 1/Collection 4", "org test id"),
         ];
-        // FIXME: Verify that this floating promise is intentional. If it is, add an explanatory comment and ensure there is proper error handling.
-        // eslint-disable-next-line @typescript-eslint/no-floating-promises
-        vaultFilterService.reloadCollections(storedCollections);
+        collectionViews.next(storedCollections);
 
         const result = await firstValueFrom(vaultFilterService.collectionTree$);
 
@@ -266,9 +265,7 @@ describe("vault filter service", () => {
           createCollectionView("id-1", "Collection 1", "org test id"),
           createCollectionView("id-3", "Collection 1/Collection 2/Collection 3", "org test id"),
         ];
-        // FIXME: Verify that this floating promise is intentional. If it is, add an explanatory comment and ensure there is proper error handling.
-        // eslint-disable-next-line @typescript-eslint/no-floating-promises
-        vaultFilterService.reloadCollections(storedCollections);
+        collectionViews.next(storedCollections);
 
         const result = await firstValueFrom(vaultFilterService.collectionTree$);
 
diff --git a/apps/web/src/app/vault/individual-vault/vault-filter/services/vault-filter.service.ts b/apps/web/src/app/vault/individual-vault/vault-filter/services/vault-filter.service.ts
index 9dfc07b5db..6bedac5bb6 100644
--- a/apps/web/src/app/vault/individual-vault/vault-filter/services/vault-filter.service.ts
+++ b/apps/web/src/app/vault/individual-vault/vault-filter/services/vault-filter.service.ts
@@ -1,13 +1,11 @@
 import { Injectable } from "@angular/core";
 import {
   BehaviorSubject,
-  combineLatest,
   combineLatestWith,
   firstValueFrom,
   map,
   Observable,
   of,
-  ReplaySubject,
   switchMap,
 } from "rxjs";
 
@@ -18,6 +16,7 @@ import { Organization } from "@bitwarden/common/admin-console/models/domain/orga
 import { I18nService } from "@bitwarden/common/platform/abstractions/i18n.service";
 import { ActiveUserState, StateProvider } from "@bitwarden/common/platform/state";
 import { CipherService } from "@bitwarden/common/vault/abstractions/cipher.service";
+import { CollectionService } from "@bitwarden/common/vault/abstractions/collection.service";
 import { FolderService } from "@bitwarden/common/vault/abstractions/folder/folder.service.abstraction";
 import { CipherType } from "@bitwarden/common/vault/enums";
 import { TreeNode } from "@bitwarden/common/vault/models/domain/tree-node";
@@ -57,17 +56,14 @@ export class VaultFilterService implements VaultFilterServiceAbstraction {
     map((folders) => this.buildFolderTree(folders)),
   );
 
-  // TODO: Remove once collections is refactored with observables
-  // replace with collection service observable
-  private collectionViews$ = new ReplaySubject<CollectionView[]>(1);
-  filteredCollections$: Observable<CollectionView[]> = combineLatest([
-    this.collectionViews$,
-    this._organizationFilter,
-  ]).pipe(
-    switchMap(([collections, org]) => {
-      return this.filterCollections(collections, org);
-    }),
-  );
+  filteredCollections$: Observable<CollectionView[]> =
+    this.collectionService.decryptedCollections$.pipe(
+      combineLatestWith(this._organizationFilter),
+      switchMap(([collections, org]) => {
+        return this.filterCollections(collections, org);
+      }),
+    );
+
   collectionTree$: Observable<TreeNode<CollectionFilter>> = this.filteredCollections$.pipe(
     map((collections) => this.buildCollectionTree(collections)),
   );
@@ -87,12 +83,9 @@ export class VaultFilterService implements VaultFilterServiceAbstraction {
     protected policyService: PolicyService,
     protected i18nService: I18nService,
     protected stateProvider: StateProvider,
+    protected collectionService: CollectionService,
   ) {}
 
-  async reloadCollections(collections: CollectionView[]) {
-    this.collectionViews$.next(collections);
-  }
-
   async getCollectionNodeFromTree(id: string) {
     const collections = await firstValueFrom(this.collectionTree$);
     return ServiceUtils.getTreeNodeObject(collections, id) as TreeNode<CollectionFilter>;
diff --git a/apps/web/src/app/vault/individual-vault/vault-onboarding/vault-onboarding.component.spec.ts b/apps/web/src/app/vault/individual-vault/vault-onboarding/vault-onboarding.component.spec.ts
index 3424717630..8967336f75 100644
--- a/apps/web/src/app/vault/individual-vault/vault-onboarding/vault-onboarding.component.spec.ts
+++ b/apps/web/src/app/vault/individual-vault/vault-onboarding/vault-onboarding.component.spec.ts
@@ -5,7 +5,7 @@ import { Subject, of } from "rxjs";
 
 import { ApiService } from "@bitwarden/common/abstractions/api.service";
 import { PolicyService } from "@bitwarden/common/admin-console/abstractions/policy/policy.service.abstraction";
-import { ConfigServiceAbstraction } from "@bitwarden/common/platform/abstractions/config/config.service.abstraction";
+import { ConfigService } from "@bitwarden/common/platform/abstractions/config/config.service";
 import { I18nService } from "@bitwarden/common/platform/abstractions/i18n.service";
 import { PlatformUtilsService } from "@bitwarden/common/platform/abstractions/platform-utils.service";
 import { StateProvider } from "@bitwarden/common/platform/state";
@@ -21,7 +21,7 @@ describe("VaultOnboardingComponent", () => {
   let mockApiService: Partial<ApiService>;
   let mockPolicyService: MockProxy<PolicyService>;
   let mockI18nService: MockProxy<I18nService>;
-  let mockConfigService: MockProxy<ConfigServiceAbstraction>;
+  let mockConfigService: MockProxy<ConfigService>;
   let mockVaultOnboardingService: MockProxy<VaultOnboardingServiceAbstraction>;
   let mockStateProvider: Partial<StateProvider>;
   let setInstallExtLinkSpy: any;
@@ -34,7 +34,7 @@ describe("VaultOnboardingComponent", () => {
     mockApiService = {
       getProfile: jest.fn(),
     };
-    mockConfigService = mock<ConfigServiceAbstraction>();
+    mockConfigService = mock<ConfigService>();
     mockVaultOnboardingService = mock<VaultOnboardingServiceAbstraction>();
     mockStateProvider = {
       getActive: jest.fn().mockReturnValue(
@@ -56,7 +56,7 @@ describe("VaultOnboardingComponent", () => {
         { provide: VaultOnboardingServiceAbstraction, useValue: mockVaultOnboardingService },
         { provide: I18nService, useValue: mockI18nService },
         { provide: ApiService, useValue: mockApiService },
-        { provide: ConfigServiceAbstraction, useValue: mockConfigService },
+        { provide: ConfigService, useValue: mockConfigService },
         { provide: StateProvider, useValue: mockStateProvider },
       ],
     }).compileComponents();
diff --git a/apps/web/src/app/vault/individual-vault/vault-onboarding/vault-onboarding.component.ts b/apps/web/src/app/vault/individual-vault/vault-onboarding/vault-onboarding.component.ts
index 22f56a85a9..dc3a41cf15 100644
--- a/apps/web/src/app/vault/individual-vault/vault-onboarding/vault-onboarding.component.ts
+++ b/apps/web/src/app/vault/individual-vault/vault-onboarding/vault-onboarding.component.ts
@@ -17,7 +17,7 @@ import { PolicyService } from "@bitwarden/common/admin-console/abstractions/poli
 import { PolicyType } from "@bitwarden/common/admin-console/enums";
 import { Organization } from "@bitwarden/common/admin-console/models/domain/organization";
 import { FeatureFlag } from "@bitwarden/common/enums/feature-flag.enum";
-import { ConfigServiceAbstraction } from "@bitwarden/common/platform/abstractions/config/config.service.abstraction";
+import { ConfigService } from "@bitwarden/common/platform/abstractions/config/config.service";
 import { PlatformUtilsService } from "@bitwarden/common/platform/abstractions/platform-utils.service";
 import { VaultOnboardingMessages } from "@bitwarden/common/vault/enums/vault-onboarding.enum";
 import { CipherView } from "@bitwarden/common/vault/models/view/cipher.view";
@@ -43,7 +43,7 @@ export class VaultOnboardingComponent implements OnInit, OnChanges, OnDestroy {
   isIndividualPolicyVault: boolean;
   private destroy$ = new Subject<void>();
   isNewAccount: boolean;
-  private readonly onboardingReleaseDate = new Date("2024-01-01");
+  private readonly onboardingReleaseDate = new Date("2024-04-02");
   showOnboardingAccess$: Observable<boolean>;
 
   protected currentTasks: VaultOnboardingTasks;
@@ -55,7 +55,7 @@ export class VaultOnboardingComponent implements OnInit, OnChanges, OnDestroy {
     protected platformUtilsService: PlatformUtilsService,
     protected policyService: PolicyService,
     private apiService: ApiService,
-    private configService: ConfigServiceAbstraction,
+    private configService: ConfigService,
     private vaultOnboardingService: VaultOnboardingServiceAbstraction,
   ) {}
 
diff --git a/apps/web/src/app/vault/individual-vault/vault.component.html b/apps/web/src/app/vault/individual-vault/vault.component.html
index b59e554f5a..5f90f8d440 100644
--- a/apps/web/src/app/vault/individual-vault/vault.component.html
+++ b/apps/web/src/app/vault/individual-vault/vault.component.html
@@ -50,7 +50,6 @@
       [cloneableOrganizationCiphers]="false"
       [showAdminActions]="false"
       (onEvent)="onVaultItemsEvent($event)"
-      [showBulkEditCollectionAccess]="showBulkCollectionAccess$ | async"
     >
     </app-vault-items>
     <div
diff --git a/apps/web/src/app/vault/individual-vault/vault.component.ts b/apps/web/src/app/vault/individual-vault/vault.component.ts
index d7d9ab8074..b9e1c553a7 100644
--- a/apps/web/src/app/vault/individual-vault/vault.component.ts
+++ b/apps/web/src/app/vault/individual-vault/vault.component.ts
@@ -39,9 +39,8 @@ import { TokenService } from "@bitwarden/common/auth/abstractions/token.service"
 import { UserVerificationService } from "@bitwarden/common/auth/abstractions/user-verification/user-verification.service.abstraction";
 import { BillingAccountProfileStateService } from "@bitwarden/common/billing/abstractions/account/billing-account-profile-state.service";
 import { EventType } from "@bitwarden/common/enums";
-import { FeatureFlag } from "@bitwarden/common/enums/feature-flag.enum";
 import { BroadcasterService } from "@bitwarden/common/platform/abstractions/broadcaster.service";
-import { ConfigServiceAbstraction } from "@bitwarden/common/platform/abstractions/config/config.service.abstraction";
+import { ConfigService } from "@bitwarden/common/platform/abstractions/config/config.service";
 import { I18nService } from "@bitwarden/common/platform/abstractions/i18n.service";
 import { LogService } from "@bitwarden/common/platform/abstractions/log.service";
 import { MessagingService } from "@bitwarden/common/platform/abstractions/messaging.service";
@@ -145,10 +144,6 @@ export class VaultComponent implements OnInit, OnDestroy {
   protected selectedCollection: TreeNode<CollectionView> | undefined;
   protected canCreateCollections = false;
   protected currentSearchText$: Observable<string>;
-  protected showBulkCollectionAccess$ = this.configService.getFeatureFlag$(
-    FeatureFlag.BulkCollectionAccess,
-    false,
-  );
 
   private searchText$ = new Subject<string>();
   private refresh$ = new BehaviorSubject<void>(null);
@@ -180,7 +175,7 @@ export class VaultComponent implements OnInit, OnDestroy {
     private eventCollectionService: EventCollectionService,
     private searchService: SearchService,
     private searchPipe: SearchPipe,
-    private configService: ConfigServiceAbstraction,
+    private configService: ConfigService,
     private apiService: ApiService,
     private userVerificationService: UserVerificationService,
     private billingAccountProfileStateService: BillingAccountProfileStateService,
@@ -246,7 +241,7 @@ export class VaultComponent implements OnInit, OnDestroy {
       });
 
     const filter$ = this.routedVaultFilterService.filter$;
-    const allCollections$ = Utils.asyncToObservable(() => this.collectionService.getAllDecrypted());
+    const allCollections$ = this.collectionService.decryptedCollections$;
     const nestedCollections$ = allCollections$.pipe(
       map((collections) => getNestedCollectionTree(collections)),
     );
@@ -406,10 +401,6 @@ export class VaultComponent implements OnInit, OnDestroy {
             (filter.organizationId === undefined || filter.organizationId === Unassigned);
           this.isEmpty = collections?.length === 0 && ciphers?.length === 0;
 
-          // This is a temporary fix to avoid double fetching collections.
-          // TODO: Remove when implementing new VVR menu
-          this.vaultFilterService.reloadCollections(allCollections);
-
           this.performingInitialLoad = false;
           this.refreshing = false;
         },
diff --git a/apps/web/src/app/vault/org-vault/add-edit.component.ts b/apps/web/src/app/vault/org-vault/add-edit.component.ts
index cb879dfcc7..c4213989c6 100644
--- a/apps/web/src/app/vault/org-vault/add-edit.component.ts
+++ b/apps/web/src/app/vault/org-vault/add-edit.component.ts
@@ -7,7 +7,7 @@ import { EventCollectionService } from "@bitwarden/common/abstractions/event/eve
 import { OrganizationService } from "@bitwarden/common/admin-console/abstractions/organization/organization.service.abstraction";
 import { PolicyService } from "@bitwarden/common/admin-console/abstractions/policy/policy.service.abstraction";
 import { BillingAccountProfileStateService } from "@bitwarden/common/billing/abstractions/account/billing-account-profile-state.service";
-import { ConfigServiceAbstraction } from "@bitwarden/common/platform/abstractions/config/config.service.abstraction";
+import { ConfigService } from "@bitwarden/common/platform/abstractions/config/config.service";
 import { I18nService } from "@bitwarden/common/platform/abstractions/i18n.service";
 import { LogService } from "@bitwarden/common/platform/abstractions/log.service";
 import { MessagingService } from "@bitwarden/common/platform/abstractions/messaging.service";
@@ -54,7 +54,7 @@ export class AddEditComponent extends BaseAddEditComponent {
     sendApiService: SendApiService,
     dialogService: DialogService,
     datePipe: DatePipe,
-    configService: ConfigServiceAbstraction,
+    configService: ConfigService,
     billingAccountProfileStateService: BillingAccountProfileStateService,
   ) {
     super(
@@ -105,8 +105,14 @@ export class AddEditComponent extends BaseAddEditComponent {
   }
 
   protected async loadCipher() {
-    if (!this.organization.canEditAllCiphers(this.flexibleCollectionsV1Enabled)) {
-      return await super.loadCipher();
+    // Calling loadCipher first to assess if the cipher is unassigned. If null use apiService getCipherAdmin
+    const firstCipherCheck = await super.loadCipher();
+
+    if (
+      !this.organization.canEditAllCiphers(this.flexibleCollectionsV1Enabled) &&
+      firstCipherCheck != null
+    ) {
+      return firstCipherCheck;
     }
     const response = await this.apiService.getCipherAdmin(this.cipherId);
     const data = new CipherData(response);
diff --git a/apps/web/src/app/vault/org-vault/bulk-collection-assignment-dialog/bulk-collection-assignment-dialog.component.html b/apps/web/src/app/vault/org-vault/bulk-collection-assignment-dialog/bulk-collection-assignment-dialog.component.html
new file mode 100644
index 0000000000..520e807788
--- /dev/null
+++ b/apps/web/src/app/vault/org-vault/bulk-collection-assignment-dialog/bulk-collection-assignment-dialog.component.html
@@ -0,0 +1,66 @@
+<bit-dialog dialogSize="large">
+  <span bitDialogTitle>
+    {{ "assignToCollections" | i18n }}
+    <span class="tw-text-sm tw-normal-case tw-text-muted">
+      {{ pluralize(editableItemCount, "item", "items") }}
+    </span>
+  </span>
+
+  <div bitDialogContent>
+    <p>{{ "bulkCollectionAssignmentDialogDescription" | i18n }}</p>
+
+    <p *ngIf="readonlyItemCount > 0">
+      {{ "bulkCollectionAssignmentWarning" | i18n: totalItemCount : readonlyItemCount }}
+    </p>
+
+    <div class="tw-flex">
+      <bit-form-field class="tw-grow">
+        <bit-label>{{ "selectCollectionsToAssign" | i18n }}</bit-label>
+        <bit-multi-select
+          class="tw-w-full"
+          [baseItems]="availableCollections"
+          [removeSelectedItems]="true"
+          (onItemsConfirmed)="selectCollections($event)"
+        ></bit-multi-select>
+      </bit-form-field>
+    </div>
+
+    <bit-table>
+      <ng-container header>
+        <td bitCell>{{ "assignToTheseCollections" | i18n }}</td>
+        <td bitCell class="tw-w-20"></td>
+      </ng-container>
+      <ng-template body>
+        <tr bitRow *ngFor="let item of selectedCollections; let i = index">
+          <td bitCell>
+            <i class="bwi bwi-collection" aria-hidden="true"></i>
+            {{ item.labelName }}
+          </td>
+          <td bitCell class="tw-text-right">
+            <button
+              type="button"
+              bitIconButton="bwi-close"
+              buttonType="muted"
+              appA11yTitle="{{ 'remove' | i18n }} {{ item.labelName }}"
+              (click)="unselectCollection(i)"
+            ></button>
+          </td>
+        </tr>
+        <tr *ngIf="selectedCollections.length == 0">
+          <td bitCell>
+            {{ "noCollectionsAssigned" | i18n }}
+          </td>
+        </tr>
+      </ng-template>
+    </bit-table>
+  </div>
+
+  <ng-container bitDialogFooter>
+    <button type="submit" bitButton buttonType="primary" [bitAction]="submit" [disabled]="!isValid">
+      {{ "assign" | i18n }}
+    </button>
+    <button type="button" bitButton buttonType="secondary" bitDialogClose>
+      {{ "cancel" | i18n }}
+    </button>
+  </ng-container>
+</bit-dialog>
diff --git a/apps/web/src/app/vault/org-vault/bulk-collection-assignment-dialog/bulk-collection-assignment-dialog.component.ts b/apps/web/src/app/vault/org-vault/bulk-collection-assignment-dialog/bulk-collection-assignment-dialog.component.ts
new file mode 100644
index 0000000000..091c646178
--- /dev/null
+++ b/apps/web/src/app/vault/org-vault/bulk-collection-assignment-dialog/bulk-collection-assignment-dialog.component.ts
@@ -0,0 +1,191 @@
+import { DIALOG_DATA, DialogConfig, DialogRef } from "@angular/cdk/dialog";
+import { Component, Inject, OnDestroy, OnInit } from "@angular/core";
+import { Subject } from "rxjs";
+
+import { OrganizationService } from "@bitwarden/common/admin-console/abstractions/organization/organization.service.abstraction";
+import { FeatureFlag } from "@bitwarden/common/enums/feature-flag.enum";
+import { ConfigService } from "@bitwarden/common/platform/abstractions/config/config.service";
+import { I18nService } from "@bitwarden/common/platform/abstractions/i18n.service";
+import { PlatformUtilsService } from "@bitwarden/common/platform/abstractions/platform-utils.service";
+import { CipherId, CollectionId, OrganizationId } from "@bitwarden/common/types/guid";
+import { CipherService } from "@bitwarden/common/vault/abstractions/cipher.service";
+import { CipherView } from "@bitwarden/common/vault/models/view/cipher.view";
+import { CollectionView } from "@bitwarden/common/vault/models/view/collection.view";
+import { DialogService, SelectItemView } from "@bitwarden/components";
+
+import { SharedModule } from "../../../shared";
+
+export interface BulkCollectionAssignmentDialogParams {
+  organizationId: OrganizationId;
+
+  /**
+   * The ciphers to be assigned to the collections selected in the dialog.
+   */
+  ciphers: CipherView[];
+
+  /**
+   * The collections available to assign the ciphers to.
+   */
+  availableCollections: CollectionView[];
+
+  /**
+   * The currently filtered collection. Selected by default. If the user deselects it in the dialog then it will be
+   * removed from the ciphers upon submission.
+   */
+  activeCollection?: CollectionView;
+}
+
+export enum BulkCollectionAssignmentDialogResult {
+  Saved = "saved",
+  Canceled = "canceled",
+}
+
+@Component({
+  imports: [SharedModule],
+  selector: "app-bulk-collection-assignment-dialog",
+  templateUrl: "./bulk-collection-assignment-dialog.component.html",
+  standalone: true,
+})
+export class BulkCollectionAssignmentDialogComponent implements OnDestroy, OnInit {
+  protected totalItemCount: number;
+  protected editableItemCount: number;
+  protected readonlyItemCount: number;
+  protected availableCollections: SelectItemView[] = [];
+  protected selectedCollections: SelectItemView[] = [];
+
+  private editableItems: CipherView[] = [];
+  private destroy$ = new Subject<void>();
+
+  protected pluralize = (count: number, singular: string, plural: string) =>
+    `${count} ${this.i18nService.t(count === 1 ? singular : plural)}`;
+
+  constructor(
+    @Inject(DIALOG_DATA) private params: BulkCollectionAssignmentDialogParams,
+    private dialogRef: DialogRef<BulkCollectionAssignmentDialogResult>,
+    private cipherService: CipherService,
+    private i18nService: I18nService,
+    private platformUtilsService: PlatformUtilsService,
+    private configService: ConfigService,
+    private organizationService: OrganizationService,
+  ) {}
+
+  async ngOnInit() {
+    const v1FCEnabled = await this.configService.getFeatureFlag(
+      FeatureFlag.FlexibleCollectionsV1,
+      false,
+    );
+    const org = await this.organizationService.get(this.params.organizationId);
+
+    if (org.canEditAllCiphers(v1FCEnabled)) {
+      this.editableItems = this.params.ciphers;
+    } else {
+      this.editableItems = this.params.ciphers.filter((c) => c.edit);
+    }
+
+    this.editableItemCount = this.editableItems.length;
+
+    // If no ciphers are editable, close the dialog
+    if (this.editableItemCount == 0) {
+      this.platformUtilsService.showToast(
+        "error",
+        this.i18nService.t("errorOccurred"),
+        this.i18nService.t("nothingSelected"),
+      );
+      this.dialogRef.close(BulkCollectionAssignmentDialogResult.Canceled);
+    }
+
+    this.totalItemCount = this.params.ciphers.length;
+    this.readonlyItemCount = this.totalItemCount - this.editableItemCount;
+
+    this.availableCollections = this.params.availableCollections.map((c) => ({
+      icon: "bwi-collection",
+      id: c.id,
+      labelName: c.name,
+      listName: c.name,
+    }));
+
+    // If the active collection is set, select it by default
+    if (this.params.activeCollection) {
+      this.selectCollections([
+        {
+          icon: "bwi-collection",
+          id: this.params.activeCollection.id,
+          labelName: this.params.activeCollection.name,
+          listName: this.params.activeCollection.name,
+        },
+      ]);
+    }
+  }
+
+  private sortItems = (a: SelectItemView, b: SelectItemView) =>
+    this.i18nService.collator.compare(a.labelName, b.labelName);
+
+  selectCollections(items: SelectItemView[]) {
+    this.selectedCollections = [...this.selectedCollections, ...items].sort(this.sortItems);
+
+    this.availableCollections = this.availableCollections.filter(
+      (item) => !items.find((i) => i.id === item.id),
+    );
+  }
+
+  unselectCollection(i: number) {
+    const removed = this.selectedCollections.splice(i, 1);
+    this.availableCollections = [...this.availableCollections, ...removed].sort(this.sortItems);
+  }
+
+  get isValid() {
+    return this.params.activeCollection != null || this.selectedCollections.length > 0;
+  }
+
+  submit = async () => {
+    if (!this.isValid) {
+      return;
+    }
+
+    const cipherIds = this.editableItems.map((i) => i.id as CipherId);
+
+    if (this.selectedCollections.length > 0) {
+      await this.cipherService.bulkUpdateCollectionsWithServer(
+        this.params.organizationId,
+        cipherIds,
+        this.selectedCollections.map((i) => i.id as CollectionId),
+        false,
+      );
+    }
+
+    if (
+      this.params.activeCollection != null &&
+      this.selectedCollections.find((c) => c.id === this.params.activeCollection.id) == null
+    ) {
+      await this.cipherService.bulkUpdateCollectionsWithServer(
+        this.params.organizationId,
+        cipherIds,
+        [this.params.activeCollection.id as CollectionId],
+        true,
+      );
+    }
+
+    this.platformUtilsService.showToast(
+      "success",
+      null,
+      this.i18nService.t("successfullyAssignedCollections"),
+    );
+
+    this.dialogRef.close(BulkCollectionAssignmentDialogResult.Saved);
+  };
+
+  ngOnDestroy(): void {
+    this.destroy$.next();
+    this.destroy$.complete();
+  }
+
+  static open(
+    dialogService: DialogService,
+    config: DialogConfig<BulkCollectionAssignmentDialogParams>,
+  ) {
+    return dialogService.open<
+      BulkCollectionAssignmentDialogResult,
+      BulkCollectionAssignmentDialogParams
+    >(BulkCollectionAssignmentDialogComponent, config);
+  }
+}
diff --git a/apps/web/src/app/vault/org-vault/bulk-collection-assignment-dialog/index.ts b/apps/web/src/app/vault/org-vault/bulk-collection-assignment-dialog/index.ts
new file mode 100644
index 0000000000..44042e3267
--- /dev/null
+++ b/apps/web/src/app/vault/org-vault/bulk-collection-assignment-dialog/index.ts
@@ -0,0 +1 @@
+export * from "./bulk-collection-assignment-dialog.component";
diff --git a/apps/web/src/app/vault/org-vault/collections.component.ts b/apps/web/src/app/vault/org-vault/collections.component.ts
index 4b6bc26e7b..020d3fbe95 100644
--- a/apps/web/src/app/vault/org-vault/collections.component.ts
+++ b/apps/web/src/app/vault/org-vault/collections.component.ts
@@ -1,6 +1,7 @@
 import { Component } from "@angular/core";
 
 import { ApiService } from "@bitwarden/common/abstractions/api.service";
+import { OrganizationService } from "@bitwarden/common/admin-console/abstractions/organization/organization.service.abstraction";
 import { Organization } from "@bitwarden/common/admin-console/models/domain/organization";
 import { I18nService } from "@bitwarden/common/platform/abstractions/i18n.service";
 import { LogService } from "@bitwarden/common/platform/abstractions/log.service";
@@ -25,15 +26,27 @@ export class CollectionsComponent extends BaseCollectionsComponent {
     platformUtilsService: PlatformUtilsService,
     i18nService: I18nService,
     cipherService: CipherService,
+    organizationService: OrganizationService,
     private apiService: ApiService,
     logService: LogService,
   ) {
-    super(collectionService, platformUtilsService, i18nService, cipherService, logService);
+    super(
+      collectionService,
+      platformUtilsService,
+      i18nService,
+      cipherService,
+      organizationService,
+      logService,
+    );
     this.allowSelectNone = true;
   }
 
   protected async loadCipher() {
-    if (!this.organization.canViewAllCollections) {
+    // if cipher is unassigned use apiService. We can see this by looking at this.collectionIds
+    if (
+      !this.organization.canEditAllCiphers(this.flexibleCollectionsV1Enabled) &&
+      this.collectionIds.length !== 0
+    ) {
       return await super.loadCipher();
     }
     const response = await this.apiService.getCipherAdmin(this.cipherId);
@@ -55,7 +68,10 @@ export class CollectionsComponent extends BaseCollectionsComponent {
   }
 
   protected saveCollections() {
-    if (this.organization.canEditAnyCollection) {
+    if (
+      this.organization.canEditAllCiphers(this.flexibleCollectionsV1Enabled) ||
+      this.collectionIds.length === 0
+    ) {
       const request = new CipherCollectionsRequest(this.cipherDomain.collectionIds);
       return this.apiService.putCipherCollectionsAdmin(this.cipherId, request);
     } else {
diff --git a/apps/web/src/app/vault/org-vault/vault-filter/vault-filter.service.ts b/apps/web/src/app/vault/org-vault/vault-filter/vault-filter.service.ts
index f82ba945e4..c6d4ee590b 100644
--- a/apps/web/src/app/vault/org-vault/vault-filter/vault-filter.service.ts
+++ b/apps/web/src/app/vault/org-vault/vault-filter/vault-filter.service.ts
@@ -6,11 +6,11 @@ import { PolicyService } from "@bitwarden/common/admin-console/abstractions/poli
 import { I18nService } from "@bitwarden/common/platform/abstractions/i18n.service";
 import { StateProvider } from "@bitwarden/common/platform/state";
 import { CipherService } from "@bitwarden/common/vault/abstractions/cipher.service";
+import { CollectionService } from "@bitwarden/common/vault/abstractions/collection.service";
 import { FolderService } from "@bitwarden/common/vault/abstractions/folder/folder.service.abstraction";
 import { TreeNode } from "@bitwarden/common/vault/models/domain/tree-node";
 
 import { CollectionAdminView } from "../../../vault/core/views/collection-admin.view";
-import { CollectionAdminService } from "../../core/collection-admin.service";
 import { VaultFilterService as BaseVaultFilterService } from "../../individual-vault/vault-filter/services/vault-filter.service";
 import { CollectionFilter } from "../../individual-vault/vault-filter/shared/models/vault-filter.type";
 
@@ -32,7 +32,7 @@ export class VaultFilterService extends BaseVaultFilterService implements OnDest
     policyService: PolicyService,
     i18nService: I18nService,
     stateProvider: StateProvider,
-    protected collectionAdminService: CollectionAdminService,
+    collectionService: CollectionService,
   ) {
     super(
       organizationService,
@@ -41,6 +41,7 @@ export class VaultFilterService extends BaseVaultFilterService implements OnDest
       policyService,
       i18nService,
       stateProvider,
+      collectionService,
     );
   }
 
diff --git a/apps/web/src/app/vault/org-vault/vault.component.html b/apps/web/src/app/vault/org-vault/vault.component.html
index 08bf77be37..4bec92b5db 100644
--- a/apps/web/src/app/vault/org-vault/vault.component.html
+++ b/apps/web/src/app/vault/org-vault/vault.component.html
@@ -51,9 +51,8 @@
       [cloneableOrganizationCiphers]="true"
       [showAdminActions]="true"
       (onEvent)="onVaultItemsEvent($event)"
-      [showBulkEditCollectionAccess]="
-        (showBulkEditCollectionAccess$ | async) && organization?.flexibleCollections
-      "
+      [showBulkEditCollectionAccess]="organization?.flexibleCollections"
+      [showBulkAddToCollections]="organization?.flexibleCollections"
       [viewingOrgVault]="true"
     >
     </app-vault-items>
diff --git a/apps/web/src/app/vault/org-vault/vault.component.ts b/apps/web/src/app/vault/org-vault/vault.component.ts
index fa8c376630..a267612bd6 100644
--- a/apps/web/src/app/vault/org-vault/vault.component.ts
+++ b/apps/web/src/app/vault/org-vault/vault.component.ts
@@ -40,12 +40,13 @@ import { Organization } from "@bitwarden/common/admin-console/models/domain/orga
 import { EventType } from "@bitwarden/common/enums";
 import { FeatureFlag } from "@bitwarden/common/enums/feature-flag.enum";
 import { BroadcasterService } from "@bitwarden/common/platform/abstractions/broadcaster.service";
-import { ConfigServiceAbstraction } from "@bitwarden/common/platform/abstractions/config/config.service.abstraction";
+import { ConfigService } from "@bitwarden/common/platform/abstractions/config/config.service";
 import { I18nService } from "@bitwarden/common/platform/abstractions/i18n.service";
 import { LogService } from "@bitwarden/common/platform/abstractions/log.service";
 import { MessagingService } from "@bitwarden/common/platform/abstractions/messaging.service";
 import { PlatformUtilsService } from "@bitwarden/common/platform/abstractions/platform-utils.service";
 import { Utils } from "@bitwarden/common/platform/misc/utils";
+import { OrganizationId } from "@bitwarden/common/types/guid";
 import { CipherService } from "@bitwarden/common/vault/abstractions/cipher.service";
 import { CollectionService } from "@bitwarden/common/vault/abstractions/collection.service";
 import { SyncService } from "@bitwarden/common/vault/abstractions/sync/sync.service.abstraction";
@@ -86,6 +87,10 @@ import { getNestedCollectionTree } from "../utils/collection-utils";
 
 import { AddEditComponent } from "./add-edit.component";
 import { AttachmentsComponent } from "./attachments.component";
+import {
+  BulkCollectionAssignmentDialogComponent,
+  BulkCollectionAssignmentDialogResult,
+} from "./bulk-collection-assignment-dialog";
 import {
   BulkCollectionsDialogComponent,
   BulkCollectionsDialogResult,
@@ -137,10 +142,7 @@ export class VaultComponent implements OnInit, OnDestroy {
   protected showCollectionAccessRestricted: boolean;
   protected currentSearchText$: Observable<string>;
   protected editableCollections$: Observable<CollectionView[]>;
-  protected showBulkEditCollectionAccess$ = this.configService.getFeatureFlag$(
-    FeatureFlag.BulkCollectionAccess,
-    false,
-  );
+  protected allCollectionsWithoutUnassigned$: Observable<CollectionAdminView[]>;
   private _flexibleCollectionsV1FlagEnabled: boolean;
 
   protected get flexibleCollectionsV1Enabled(): boolean {
@@ -178,7 +180,7 @@ export class VaultComponent implements OnInit, OnDestroy {
     private totpService: TotpService,
     private apiService: ApiService,
     private collectionService: CollectionService,
-    protected configService: ConfigServiceAbstraction,
+    protected configService: ConfigService,
   ) {}
 
   async ngOnInit() {
@@ -253,7 +255,7 @@ export class VaultComponent implements OnInit, OnDestroy {
 
     this.currentSearchText$ = this.route.queryParams.pipe(map((queryParams) => queryParams.search));
 
-    const allCollectionsWithoutUnassigned$ = combineLatest([
+    this.allCollectionsWithoutUnassigned$ = combineLatest([
       organizationId$.pipe(switchMap((orgId) => this.collectionAdminService.getAll(orgId))),
       defer(() => this.collectionService.getAllDecrypted()),
     ]).pipe(
@@ -276,7 +278,7 @@ export class VaultComponent implements OnInit, OnDestroy {
       shareReplay({ refCount: true, bufferSize: 1 }),
     );
 
-    this.editableCollections$ = allCollectionsWithoutUnassigned$.pipe(
+    this.editableCollections$ = this.allCollectionsWithoutUnassigned$.pipe(
       map((collections) => {
         // Users that can edit all ciphers can implicitly edit all collections
         if (this.organization.canEditAllCiphers(this.flexibleCollectionsV1Enabled)) {
@@ -287,7 +289,10 @@ export class VaultComponent implements OnInit, OnDestroy {
       shareReplay({ refCount: true, bufferSize: 1 }),
     );
 
-    const allCollections$ = combineLatest([organizationId$, allCollectionsWithoutUnassigned$]).pipe(
+    const allCollections$ = combineLatest([
+      organizationId$,
+      this.allCollectionsWithoutUnassigned$,
+    ]).pipe(
       map(([organizationId, allCollections]) => {
         const noneCollection = new CollectionAdminView();
         noneCollection.name = this.i18nService.t("unassigned");
@@ -627,6 +632,8 @@ export class VaultComponent implements OnInit, OnDestroy {
         await this.editCollection(event.item, CollectionDialogTabType.Access);
       } else if (event.type === "bulkEditCollectionAccess") {
         await this.bulkEditCollectionAccess(event.items);
+      } else if (event.type === "assignToCollections") {
+        await this.bulkAssignToCollections(event.items);
       } else if (event.type === "viewEvents") {
         await this.viewEvents(event.item);
       }
@@ -680,16 +687,35 @@ export class VaultComponent implements OnInit, OnDestroy {
 
     if (this.flexibleCollectionsV1Enabled) {
       // V1 limits admins to only adding items to collections they have access to.
-      collections = await firstValueFrom(this.editableCollections$);
-    } else {
-      collections = (await firstValueFrom(this.vaultFilterService.filteredCollections$)).filter(
-        (c) => !c.readOnly && c.id != Unassigned,
+      collections = await firstValueFrom(
+        this.allCollectionsWithoutUnassigned$.pipe(
+          map((c) => {
+            return c.sort((a, b) => {
+              if (
+                a.canEditItems(this.organization, true) &&
+                !b.canEditItems(this.organization, true)
+              ) {
+                return -1;
+              } else if (
+                !a.canEditItems(this.organization, true) &&
+                b.canEditItems(this.organization, true)
+              ) {
+                return 1;
+              } else {
+                return a.name.localeCompare(b.name);
+              }
+            });
+          }),
+        ),
       );
+    } else {
+      collections = await firstValueFrom(this.allCollectionsWithoutUnassigned$);
     }
     const [modal] = await this.modalService.openViewRef(
       CollectionsComponent,
       this.collectionsModalRef,
       (comp) => {
+        comp.flexibleCollectionsV1Enabled = this.flexibleCollectionsV1Enabled;
         comp.collectionIds = cipher.collectionIds;
         comp.collections = collections;
         comp.organization = this.organization;
@@ -1069,6 +1095,41 @@ export class VaultComponent implements OnInit, OnDestroy {
     }
   }
 
+  async bulkAssignToCollections(items: CipherView[]) {
+    if (items.length === 0) {
+      this.platformUtilsService.showToast(
+        "error",
+        this.i18nService.t("errorOccurred"),
+        this.i18nService.t("nothingSelected"),
+      );
+      return;
+    }
+
+    let availableCollections: CollectionView[];
+
+    if (this.flexibleCollectionsV1Enabled) {
+      availableCollections = await firstValueFrom(this.editableCollections$);
+    } else {
+      availableCollections = (
+        await firstValueFrom(this.vaultFilterService.filteredCollections$)
+      ).filter((c) => c.id != Unassigned);
+    }
+
+    const dialog = BulkCollectionAssignmentDialogComponent.open(this.dialogService, {
+      data: {
+        ciphers: items,
+        organizationId: this.organization?.id as OrganizationId,
+        availableCollections,
+        activeCollection: this.activeFilter?.selectedCollectionNode?.node,
+      },
+    });
+
+    const result = await lastValueFrom(dialog.closed);
+    if (result === BulkCollectionAssignmentDialogResult.Saved) {
+      this.refresh();
+    }
+  }
+
   async viewEvents(cipher: CipherView) {
     await openEntityEventsDialog(this.dialogService, {
       data: {
diff --git a/apps/web/src/locales/af/messages.json b/apps/web/src/locales/af/messages.json
index 5dfab46b43..3677e54c1c 100644
--- a/apps/web/src/locales/af/messages.json
+++ b/apps/web/src/locales/af/messages.json
@@ -7063,12 +7063,6 @@
   "enforceOnLoginDesc": {
     "message": "Require existing members to change their passwords"
   },
-  "usDomain": {
-    "message": "bitwarden.com"
-  },
-  "euDomain": {
-    "message": "bitwarden.eu"
-  },
   "smProjectDeleteAccessRestricted": {
     "message": "U het nie toestemming om hierdie projek te skrap nie",
     "description": "The individual description shown to the user when the user doesn't have access to delete a project."
@@ -7611,5 +7605,42 @@
   },
   "restrictedCollectionAccess": {
     "message": "You cannot add yourself to collections."
+  },
+  "assign": {
+    "message": "Assign"
+  },
+  "assignToCollections": {
+    "message": "Assign to collections"
+  },
+  "assignToTheseCollections": {
+    "message": "Assign to these collections"
+  },
+  "bulkCollectionAssignmentDialogDescription": {
+    "message": "Select the collections that the items will be shared with. Once an item is updated in one collection, it will be reflected in all collections. Only organization members with access to these collections will be able to see the items."
+  },
+  "selectCollectionsToAssign": {
+    "message": "Select collections to assign"
+  },
+  "noCollectionsAssigned": {
+    "message": "No collections have been assigned"
+  },
+  "successfullyAssignedCollections": {
+    "message": "Successfully assigned collections"
+  },
+  "bulkCollectionAssignmentWarning": {
+    "message": "You have selected $TOTAL_COUNT$ items. You cannot update $READONLY_COUNT$ of the items because you do not have edit permissions.",
+    "placeholders": {
+      "total_count": {
+        "content": "$1",
+        "example": "10"
+      },
+      "readonly_count": {
+        "content": "$2",
+        "example": "3"
+      }
+    }
+  },
+  "items": {
+    "message": "Items"
   }
 }
diff --git a/apps/web/src/locales/ar/messages.json b/apps/web/src/locales/ar/messages.json
index e768588ed2..f5353f2234 100644
--- a/apps/web/src/locales/ar/messages.json
+++ b/apps/web/src/locales/ar/messages.json
@@ -7063,12 +7063,6 @@
   "enforceOnLoginDesc": {
     "message": "Require existing members to change their passwords"
   },
-  "usDomain": {
-    "message": "bitwarden.com"
-  },
-  "euDomain": {
-    "message": "bitwarden.eu"
-  },
   "smProjectDeleteAccessRestricted": {
     "message": "You don't have permissions to delete this project",
     "description": "The individual description shown to the user when the user doesn't have access to delete a project."
@@ -7611,5 +7605,42 @@
   },
   "restrictedCollectionAccess": {
     "message": "You cannot add yourself to collections."
+  },
+  "assign": {
+    "message": "Assign"
+  },
+  "assignToCollections": {
+    "message": "Assign to collections"
+  },
+  "assignToTheseCollections": {
+    "message": "Assign to these collections"
+  },
+  "bulkCollectionAssignmentDialogDescription": {
+    "message": "Select the collections that the items will be shared with. Once an item is updated in one collection, it will be reflected in all collections. Only organization members with access to these collections will be able to see the items."
+  },
+  "selectCollectionsToAssign": {
+    "message": "Select collections to assign"
+  },
+  "noCollectionsAssigned": {
+    "message": "No collections have been assigned"
+  },
+  "successfullyAssignedCollections": {
+    "message": "Successfully assigned collections"
+  },
+  "bulkCollectionAssignmentWarning": {
+    "message": "You have selected $TOTAL_COUNT$ items. You cannot update $READONLY_COUNT$ of the items because you do not have edit permissions.",
+    "placeholders": {
+      "total_count": {
+        "content": "$1",
+        "example": "10"
+      },
+      "readonly_count": {
+        "content": "$2",
+        "example": "3"
+      }
+    }
+  },
+  "items": {
+    "message": "Items"
   }
 }
diff --git a/apps/web/src/locales/az/messages.json b/apps/web/src/locales/az/messages.json
index 550e968962..bc30012efe 100644
--- a/apps/web/src/locales/az/messages.json
+++ b/apps/web/src/locales/az/messages.json
@@ -7063,12 +7063,6 @@
   "enforceOnLoginDesc": {
     "message": "Mövcud üzvlərin öz parollarını dəyişdirməsini tələb et"
   },
-  "usDomain": {
-    "message": "bitwarden.com"
-  },
-  "euDomain": {
-    "message": "bitwarden.eu"
-  },
   "smProjectDeleteAccessRestricted": {
     "message": "Bu layihəni silmək icazəniz yoxdur",
     "description": "The individual description shown to the user when the user doesn't have access to delete a project."
@@ -7607,9 +7601,46 @@
     "message": "Provayder Portal"
   },
   "restrictedGroupAccess": {
-    "message": "You cannot add yourself to groups."
+    "message": "Özünüzü qruplara əlavə edə bilməzsiniz."
   },
   "restrictedCollectionAccess": {
-    "message": "You cannot add yourself to collections."
+    "message": "Özünüzü kolleksiyalara əlavə edə bilməzsiniz."
+  },
+  "assign": {
+    "message": "Assign"
+  },
+  "assignToCollections": {
+    "message": "Assign to collections"
+  },
+  "assignToTheseCollections": {
+    "message": "Assign to these collections"
+  },
+  "bulkCollectionAssignmentDialogDescription": {
+    "message": "Select the collections that the items will be shared with. Once an item is updated in one collection, it will be reflected in all collections. Only organization members with access to these collections will be able to see the items."
+  },
+  "selectCollectionsToAssign": {
+    "message": "Select collections to assign"
+  },
+  "noCollectionsAssigned": {
+    "message": "No collections have been assigned"
+  },
+  "successfullyAssignedCollections": {
+    "message": "Successfully assigned collections"
+  },
+  "bulkCollectionAssignmentWarning": {
+    "message": "You have selected $TOTAL_COUNT$ items. You cannot update $READONLY_COUNT$ of the items because you do not have edit permissions.",
+    "placeholders": {
+      "total_count": {
+        "content": "$1",
+        "example": "10"
+      },
+      "readonly_count": {
+        "content": "$2",
+        "example": "3"
+      }
+    }
+  },
+  "items": {
+    "message": "Items"
   }
 }
diff --git a/apps/web/src/locales/be/messages.json b/apps/web/src/locales/be/messages.json
index f828c3e640..2ec27ae4be 100644
--- a/apps/web/src/locales/be/messages.json
+++ b/apps/web/src/locales/be/messages.json
@@ -7063,12 +7063,6 @@
   "enforceOnLoginDesc": {
     "message": "Патрабаваць ад існуючых удзельнікаў змены пароляў"
   },
-  "usDomain": {
-    "message": "bitwarden.com"
-  },
-  "euDomain": {
-    "message": "bitwarden.eu"
-  },
   "smProjectDeleteAccessRestricted": {
     "message": "У вас няма правоў для выдалення гэтага праекта",
     "description": "The individual description shown to the user when the user doesn't have access to delete a project."
@@ -7611,5 +7605,42 @@
   },
   "restrictedCollectionAccess": {
     "message": "You cannot add yourself to collections."
+  },
+  "assign": {
+    "message": "Assign"
+  },
+  "assignToCollections": {
+    "message": "Assign to collections"
+  },
+  "assignToTheseCollections": {
+    "message": "Assign to these collections"
+  },
+  "bulkCollectionAssignmentDialogDescription": {
+    "message": "Select the collections that the items will be shared with. Once an item is updated in one collection, it will be reflected in all collections. Only organization members with access to these collections will be able to see the items."
+  },
+  "selectCollectionsToAssign": {
+    "message": "Select collections to assign"
+  },
+  "noCollectionsAssigned": {
+    "message": "No collections have been assigned"
+  },
+  "successfullyAssignedCollections": {
+    "message": "Successfully assigned collections"
+  },
+  "bulkCollectionAssignmentWarning": {
+    "message": "You have selected $TOTAL_COUNT$ items. You cannot update $READONLY_COUNT$ of the items because you do not have edit permissions.",
+    "placeholders": {
+      "total_count": {
+        "content": "$1",
+        "example": "10"
+      },
+      "readonly_count": {
+        "content": "$2",
+        "example": "3"
+      }
+    }
+  },
+  "items": {
+    "message": "Items"
   }
 }
diff --git a/apps/web/src/locales/bg/messages.json b/apps/web/src/locales/bg/messages.json
index 9eb4004041..a0d1781736 100644
--- a/apps/web/src/locales/bg/messages.json
+++ b/apps/web/src/locales/bg/messages.json
@@ -7063,12 +7063,6 @@
   "enforceOnLoginDesc": {
     "message": "Задължаване на текущите членове да сменят паролите си"
   },
-  "usDomain": {
-    "message": "bitwarden.com"
-  },
-  "euDomain": {
-    "message": "bitwarden.eu"
-  },
   "smProjectDeleteAccessRestricted": {
     "message": "Нямате право за изтриване на този проект",
     "description": "The individual description shown to the user when the user doesn't have access to delete a project."
@@ -7607,9 +7601,46 @@
     "message": "Портал за доставчици"
   },
   "restrictedGroupAccess": {
-    "message": "You cannot add yourself to groups."
+    "message": "Не може да добавяте себе си към групи."
   },
   "restrictedCollectionAccess": {
-    "message": "You cannot add yourself to collections."
+    "message": "Не може да добавяте себе си към колекции."
+  },
+  "assign": {
+    "message": "Свързване"
+  },
+  "assignToCollections": {
+    "message": "Свързване с колекции"
+  },
+  "assignToTheseCollections": {
+    "message": "Свързване с тези колекции"
+  },
+  "bulkCollectionAssignmentDialogDescription": {
+    "message": "Изберете колекциите, с които да бъдат споделени тези елементи. Когато даден елемент бъде променен в една колекция, промяната ще бъде отразена във всички колекции. Само членовете на организацията с достъп до тези колекции ще могат да виждат елементите."
+  },
+  "selectCollectionsToAssign": {
+    "message": "Изберете колекции за свързване"
+  },
+  "noCollectionsAssigned": {
+    "message": "Няма свързани колекции"
+  },
+  "successfullyAssignedCollections": {
+    "message": "Успешно свързване на колекциите"
+  },
+  "bulkCollectionAssignmentWarning": {
+    "message": "Избрали сте $TOTAL_COUNT$ елемента Не можете да промените $READONLY_COUNT$ от елементите, тъй като нямате право за редактиране.",
+    "placeholders": {
+      "total_count": {
+        "content": "$1",
+        "example": "10"
+      },
+      "readonly_count": {
+        "content": "$2",
+        "example": "3"
+      }
+    }
+  },
+  "items": {
+    "message": "Елементи"
   }
 }
diff --git a/apps/web/src/locales/bn/messages.json b/apps/web/src/locales/bn/messages.json
index a71efb69d7..9d0ccd3b50 100644
--- a/apps/web/src/locales/bn/messages.json
+++ b/apps/web/src/locales/bn/messages.json
@@ -7063,12 +7063,6 @@
   "enforceOnLoginDesc": {
     "message": "Require existing members to change their passwords"
   },
-  "usDomain": {
-    "message": "bitwarden.com"
-  },
-  "euDomain": {
-    "message": "bitwarden.eu"
-  },
   "smProjectDeleteAccessRestricted": {
     "message": "You don't have permissions to delete this project",
     "description": "The individual description shown to the user when the user doesn't have access to delete a project."
@@ -7611,5 +7605,42 @@
   },
   "restrictedCollectionAccess": {
     "message": "You cannot add yourself to collections."
+  },
+  "assign": {
+    "message": "Assign"
+  },
+  "assignToCollections": {
+    "message": "Assign to collections"
+  },
+  "assignToTheseCollections": {
+    "message": "Assign to these collections"
+  },
+  "bulkCollectionAssignmentDialogDescription": {
+    "message": "Select the collections that the items will be shared with. Once an item is updated in one collection, it will be reflected in all collections. Only organization members with access to these collections will be able to see the items."
+  },
+  "selectCollectionsToAssign": {
+    "message": "Select collections to assign"
+  },
+  "noCollectionsAssigned": {
+    "message": "No collections have been assigned"
+  },
+  "successfullyAssignedCollections": {
+    "message": "Successfully assigned collections"
+  },
+  "bulkCollectionAssignmentWarning": {
+    "message": "You have selected $TOTAL_COUNT$ items. You cannot update $READONLY_COUNT$ of the items because you do not have edit permissions.",
+    "placeholders": {
+      "total_count": {
+        "content": "$1",
+        "example": "10"
+      },
+      "readonly_count": {
+        "content": "$2",
+        "example": "3"
+      }
+    }
+  },
+  "items": {
+    "message": "Items"
   }
 }
diff --git a/apps/web/src/locales/bs/messages.json b/apps/web/src/locales/bs/messages.json
index 3aefc032f9..84084847d4 100644
--- a/apps/web/src/locales/bs/messages.json
+++ b/apps/web/src/locales/bs/messages.json
@@ -7063,12 +7063,6 @@
   "enforceOnLoginDesc": {
     "message": "Require existing members to change their passwords"
   },
-  "usDomain": {
-    "message": "bitwarden.com"
-  },
-  "euDomain": {
-    "message": "bitwarden.eu"
-  },
   "smProjectDeleteAccessRestricted": {
     "message": "You don't have permissions to delete this project",
     "description": "The individual description shown to the user when the user doesn't have access to delete a project."
@@ -7611,5 +7605,42 @@
   },
   "restrictedCollectionAccess": {
     "message": "You cannot add yourself to collections."
+  },
+  "assign": {
+    "message": "Assign"
+  },
+  "assignToCollections": {
+    "message": "Assign to collections"
+  },
+  "assignToTheseCollections": {
+    "message": "Assign to these collections"
+  },
+  "bulkCollectionAssignmentDialogDescription": {
+    "message": "Select the collections that the items will be shared with. Once an item is updated in one collection, it will be reflected in all collections. Only organization members with access to these collections will be able to see the items."
+  },
+  "selectCollectionsToAssign": {
+    "message": "Select collections to assign"
+  },
+  "noCollectionsAssigned": {
+    "message": "No collections have been assigned"
+  },
+  "successfullyAssignedCollections": {
+    "message": "Successfully assigned collections"
+  },
+  "bulkCollectionAssignmentWarning": {
+    "message": "You have selected $TOTAL_COUNT$ items. You cannot update $READONLY_COUNT$ of the items because you do not have edit permissions.",
+    "placeholders": {
+      "total_count": {
+        "content": "$1",
+        "example": "10"
+      },
+      "readonly_count": {
+        "content": "$2",
+        "example": "3"
+      }
+    }
+  },
+  "items": {
+    "message": "Items"
   }
 }
diff --git a/apps/web/src/locales/ca/messages.json b/apps/web/src/locales/ca/messages.json
index f847beb212..e23f7acec4 100644
--- a/apps/web/src/locales/ca/messages.json
+++ b/apps/web/src/locales/ca/messages.json
@@ -579,7 +579,7 @@
     "message": "Accés"
   },
   "accessLevel": {
-    "message": "Access level"
+    "message": "Nivell d'accés"
   },
   "loggedOut": {
     "message": "Sessió tancada"
@@ -3934,7 +3934,7 @@
     "message": "Una caixa forta bloquejada requereix que torne a introduir la contrasenya principal per accedir-ne de nou."
   },
   "vaultTimeoutActionLogOutDesc": {
-    "message": "Una caixa forta desconnectada requereix que torneu a autentificar-vos per accedir-hi de nou."
+    "message": "Una caixa forta desconnectada requereix que torneu a autentificar-vos per accedir-ne de nou."
   },
   "lock": {
     "message": "Bloqueja",
@@ -7063,12 +7063,6 @@
   "enforceOnLoginDesc": {
     "message": "Exigeix que els membres existents canvien les seues contrasenyes"
   },
-  "usDomain": {
-    "message": "bitwarden.com"
-  },
-  "euDomain": {
-    "message": "bitwarden.eu"
-  },
   "smProjectDeleteAccessRestricted": {
     "message": "No teniu permisos per suprimir aquest projecte",
     "description": "The individual description shown to the user when the user doesn't have access to delete a project."
@@ -7607,9 +7601,46 @@
     "message": "Portal del proveïdor"
   },
   "restrictedGroupAccess": {
-    "message": "You cannot add yourself to groups."
+    "message": "No podeu afegir-vos als grups."
   },
   "restrictedCollectionAccess": {
-    "message": "You cannot add yourself to collections."
+    "message": "No podeu afegir-vos a les col·leccions."
+  },
+  "assign": {
+    "message": "Assign"
+  },
+  "assignToCollections": {
+    "message": "Assign to collections"
+  },
+  "assignToTheseCollections": {
+    "message": "Assign to these collections"
+  },
+  "bulkCollectionAssignmentDialogDescription": {
+    "message": "Select the collections that the items will be shared with. Once an item is updated in one collection, it will be reflected in all collections. Only organization members with access to these collections will be able to see the items."
+  },
+  "selectCollectionsToAssign": {
+    "message": "Select collections to assign"
+  },
+  "noCollectionsAssigned": {
+    "message": "No collections have been assigned"
+  },
+  "successfullyAssignedCollections": {
+    "message": "Successfully assigned collections"
+  },
+  "bulkCollectionAssignmentWarning": {
+    "message": "You have selected $TOTAL_COUNT$ items. You cannot update $READONLY_COUNT$ of the items because you do not have edit permissions.",
+    "placeholders": {
+      "total_count": {
+        "content": "$1",
+        "example": "10"
+      },
+      "readonly_count": {
+        "content": "$2",
+        "example": "3"
+      }
+    }
+  },
+  "items": {
+    "message": "Items"
   }
 }
diff --git a/apps/web/src/locales/cs/messages.json b/apps/web/src/locales/cs/messages.json
index 803c75a7a6..523f1faa10 100644
--- a/apps/web/src/locales/cs/messages.json
+++ b/apps/web/src/locales/cs/messages.json
@@ -7063,12 +7063,6 @@
   "enforceOnLoginDesc": {
     "message": "Bude vyžadovat od stávajících členů, aby změnili svá hesla"
   },
-  "usDomain": {
-    "message": "bitwarden.com"
-  },
-  "euDomain": {
-    "message": "bitwarden.eu"
-  },
   "smProjectDeleteAccessRestricted": {
     "message": "Nemáte oprávnění tento projekt smazat",
     "description": "The individual description shown to the user when the user doesn't have access to delete a project."
@@ -7607,9 +7601,46 @@
     "message": "Portál poskytovatele"
   },
   "restrictedGroupAccess": {
-    "message": "You cannot add yourself to groups."
+    "message": "Do skupin nemůžete přidat sami sebe."
   },
   "restrictedCollectionAccess": {
-    "message": "You cannot add yourself to collections."
+    "message": "Do kolekcí nemůžete přidat sami sebe."
+  },
+  "assign": {
+    "message": "Přiřadit"
+  },
+  "assignToCollections": {
+    "message": "Přiřadit ke kolekcím"
+  },
+  "assignToTheseCollections": {
+    "message": "Přiřadit k těmto kolekcím"
+  },
+  "bulkCollectionAssignmentDialogDescription": {
+    "message": "Vyberte kolekce, se kterými budou položky sdíleny. Jakmile bude položka aktualizována v jedné kolekci, bude zobrazena ve všech kolekcích. Jen členové organizace s přístupem k těmto kolekcím budou moci vidět položky."
+  },
+  "selectCollectionsToAssign": {
+    "message": "Vyberte kolekce pro přiřazení"
+  },
+  "noCollectionsAssigned": {
+    "message": "Nebyly přiřazeny žádné kolekce"
+  },
+  "successfullyAssignedCollections": {
+    "message": "Kolekce byly úspěšně přiřazeny"
+  },
+  "bulkCollectionAssignmentWarning": {
+    "message": "Vybrali jste $TOTAL_COUNT$ položek. Nemůžete aktualizovat $READONLY_COUNT$ položek, protože nemáte oprávnění k úpravám.",
+    "placeholders": {
+      "total_count": {
+        "content": "$1",
+        "example": "10"
+      },
+      "readonly_count": {
+        "content": "$2",
+        "example": "3"
+      }
+    }
+  },
+  "items": {
+    "message": "Položky"
   }
 }
diff --git a/apps/web/src/locales/cy/messages.json b/apps/web/src/locales/cy/messages.json
index 6930e9c12b..4781d9d3b6 100644
--- a/apps/web/src/locales/cy/messages.json
+++ b/apps/web/src/locales/cy/messages.json
@@ -7063,12 +7063,6 @@
   "enforceOnLoginDesc": {
     "message": "Require existing members to change their passwords"
   },
-  "usDomain": {
-    "message": "bitwarden.com"
-  },
-  "euDomain": {
-    "message": "bitwarden.eu"
-  },
   "smProjectDeleteAccessRestricted": {
     "message": "You don't have permissions to delete this project",
     "description": "The individual description shown to the user when the user doesn't have access to delete a project."
@@ -7611,5 +7605,42 @@
   },
   "restrictedCollectionAccess": {
     "message": "You cannot add yourself to collections."
+  },
+  "assign": {
+    "message": "Assign"
+  },
+  "assignToCollections": {
+    "message": "Assign to collections"
+  },
+  "assignToTheseCollections": {
+    "message": "Assign to these collections"
+  },
+  "bulkCollectionAssignmentDialogDescription": {
+    "message": "Select the collections that the items will be shared with. Once an item is updated in one collection, it will be reflected in all collections. Only organization members with access to these collections will be able to see the items."
+  },
+  "selectCollectionsToAssign": {
+    "message": "Select collections to assign"
+  },
+  "noCollectionsAssigned": {
+    "message": "No collections have been assigned"
+  },
+  "successfullyAssignedCollections": {
+    "message": "Successfully assigned collections"
+  },
+  "bulkCollectionAssignmentWarning": {
+    "message": "You have selected $TOTAL_COUNT$ items. You cannot update $READONLY_COUNT$ of the items because you do not have edit permissions.",
+    "placeholders": {
+      "total_count": {
+        "content": "$1",
+        "example": "10"
+      },
+      "readonly_count": {
+        "content": "$2",
+        "example": "3"
+      }
+    }
+  },
+  "items": {
+    "message": "Items"
   }
 }
diff --git a/apps/web/src/locales/da/messages.json b/apps/web/src/locales/da/messages.json
index e5d51ad1ad..bcb1c16235 100644
--- a/apps/web/src/locales/da/messages.json
+++ b/apps/web/src/locales/da/messages.json
@@ -7063,12 +7063,6 @@
   "enforceOnLoginDesc": {
     "message": "Kræv, at eksisterende medlemmer ændrer deres adgangskoder"
   },
-  "usDomain": {
-    "message": "bitwarden.com"
-  },
-  "euDomain": {
-    "message": "bitwarden.eu"
-  },
   "smProjectDeleteAccessRestricted": {
     "message": "Ingen tilladelse til at slette dette objekt",
     "description": "The individual description shown to the user when the user doesn't have access to delete a project."
@@ -7607,9 +7601,46 @@
     "message": "Udbyderportal"
   },
   "restrictedGroupAccess": {
-    "message": "You cannot add yourself to groups."
+    "message": "Man kan ikke føje sig selv til grupper."
   },
   "restrictedCollectionAccess": {
-    "message": "You cannot add yourself to collections."
+    "message": "Man kan ikke føje sig selv til samlinger."
+  },
+  "assign": {
+    "message": "Tildel"
+  },
+  "assignToCollections": {
+    "message": "Tildel til samlinger"
+  },
+  "assignToTheseCollections": {
+    "message": "Tildel til samlinger"
+  },
+  "bulkCollectionAssignmentDialogDescription": {
+    "message": "Vælg de samlinger som emnerne vil blive delt med. Når et emne er opdateret i en samling, vil det blive afspejlet i alle samlinger. Kun organisationsmedlemmer med adgang til disse samlinger vil kunne se emnerne."
+  },
+  "selectCollectionsToAssign": {
+    "message": "Vælg samlinger at tildele"
+  },
+  "noCollectionsAssigned": {
+    "message": "Ingen samlinger er blevet tildelt"
+  },
+  "successfullyAssignedCollections": {
+    "message": "Samlinger hermed tildelt"
+  },
+  "bulkCollectionAssignmentWarning": {
+    "message": "Der er valgt $TOTAL_COUNT$ emner. $READONLY_COUNT$ af emnerne kan ikke opdateres, da du ikke har redigeringsrettigheder.",
+    "placeholders": {
+      "total_count": {
+        "content": "$1",
+        "example": "10"
+      },
+      "readonly_count": {
+        "content": "$2",
+        "example": "3"
+      }
+    }
+  },
+  "items": {
+    "message": "Emner"
   }
 }
diff --git a/apps/web/src/locales/de/messages.json b/apps/web/src/locales/de/messages.json
index 29731e7680..c3e5a9bba5 100644
--- a/apps/web/src/locales/de/messages.json
+++ b/apps/web/src/locales/de/messages.json
@@ -7063,12 +7063,6 @@
   "enforceOnLoginDesc": {
     "message": "Bestehende Mitglieder auffordern, ihre Passwörter zu ändern"
   },
-  "usDomain": {
-    "message": "bitwarden.com"
-  },
-  "euDomain": {
-    "message": "bitwarden.eu"
-  },
   "smProjectDeleteAccessRestricted": {
     "message": "Dir fehlen die Berechtigungen, dieses Projekt zu löschen",
     "description": "The individual description shown to the user when the user doesn't have access to delete a project."
@@ -7607,9 +7601,46 @@
     "message": "Anbieterportal"
   },
   "restrictedGroupAccess": {
-    "message": "You cannot add yourself to groups."
+    "message": "Du kannst dich nicht selbst zu Gruppen hinzufügen."
   },
   "restrictedCollectionAccess": {
-    "message": "You cannot add yourself to collections."
+    "message": "Du kannst dich nicht selbst zu Sammlungen hinzufügen."
+  },
+  "assign": {
+    "message": "Zuweisen"
+  },
+  "assignToCollections": {
+    "message": "Sammlungen zuweisen"
+  },
+  "assignToTheseCollections": {
+    "message": "Diesen Sammlungen zuweisen"
+  },
+  "bulkCollectionAssignmentDialogDescription": {
+    "message": "Wähle die Sammlungen, mit denen die Einträge geteilt werden. Sobald ein Eintrag in einer Sammlung aktualisiert wird, wird es in allen Sammlungen reflektiert. Nur Mitglieder von Organisationen mit Zugang zu diesen Sammlungen können die Einträge sehen."
+  },
+  "selectCollectionsToAssign": {
+    "message": "Zu zuweisende Sammlungen auswählen"
+  },
+  "noCollectionsAssigned": {
+    "message": "Es wurden keine Sammlungen zugewiesen"
+  },
+  "successfullyAssignedCollections": {
+    "message": "Sammlungen erfolgreich zugewiesen"
+  },
+  "bulkCollectionAssignmentWarning": {
+    "message": "Du hast $TOTAL_COUNT$ Einträge ausgewählt. Du kannst $READONLY_COUNT$ der Einträge nicht aktualisieren, da du keine Bearbeitungsrechte hast.",
+    "placeholders": {
+      "total_count": {
+        "content": "$1",
+        "example": "10"
+      },
+      "readonly_count": {
+        "content": "$2",
+        "example": "3"
+      }
+    }
+  },
+  "items": {
+    "message": "Einträge"
   }
 }
diff --git a/apps/web/src/locales/el/messages.json b/apps/web/src/locales/el/messages.json
index 530d720ab4..0babeee15d 100644
--- a/apps/web/src/locales/el/messages.json
+++ b/apps/web/src/locales/el/messages.json
@@ -7063,12 +7063,6 @@
   "enforceOnLoginDesc": {
     "message": "Require existing members to change their passwords"
   },
-  "usDomain": {
-    "message": "bitwarden.com"
-  },
-  "euDomain": {
-    "message": "bitwarden.eu"
-  },
   "smProjectDeleteAccessRestricted": {
     "message": "You don't have permissions to delete this project",
     "description": "The individual description shown to the user when the user doesn't have access to delete a project."
@@ -7611,5 +7605,42 @@
   },
   "restrictedCollectionAccess": {
     "message": "You cannot add yourself to collections."
+  },
+  "assign": {
+    "message": "Assign"
+  },
+  "assignToCollections": {
+    "message": "Assign to collections"
+  },
+  "assignToTheseCollections": {
+    "message": "Assign to these collections"
+  },
+  "bulkCollectionAssignmentDialogDescription": {
+    "message": "Select the collections that the items will be shared with. Once an item is updated in one collection, it will be reflected in all collections. Only organization members with access to these collections will be able to see the items."
+  },
+  "selectCollectionsToAssign": {
+    "message": "Select collections to assign"
+  },
+  "noCollectionsAssigned": {
+    "message": "No collections have been assigned"
+  },
+  "successfullyAssignedCollections": {
+    "message": "Successfully assigned collections"
+  },
+  "bulkCollectionAssignmentWarning": {
+    "message": "You have selected $TOTAL_COUNT$ items. You cannot update $READONLY_COUNT$ of the items because you do not have edit permissions.",
+    "placeholders": {
+      "total_count": {
+        "content": "$1",
+        "example": "10"
+      },
+      "readonly_count": {
+        "content": "$2",
+        "example": "3"
+      }
+    }
+  },
+  "items": {
+    "message": "Items"
   }
 }
diff --git a/apps/web/src/locales/en/messages.json b/apps/web/src/locales/en/messages.json
index 07bffad857..95d1b03e72 100644
--- a/apps/web/src/locales/en/messages.json
+++ b/apps/web/src/locales/en/messages.json
@@ -7063,12 +7063,6 @@
   "enforceOnLoginDesc": {
     "message": "Require existing members to change their passwords"
   },
-  "usDomain": {
-    "message": "bitwarden.com"
-  },
-  "euDomain": {
-    "message": "bitwarden.eu"
-  },
   "smProjectDeleteAccessRestricted": {
     "message": "You don't have permissions to delete this project",
     "description": "The individual description shown to the user when the user doesn't have access to delete a project."
@@ -7611,5 +7605,42 @@
   },
   "restrictedCollectionAccess": {
     "message": "You cannot add yourself to collections."
+  },
+  "assign": {
+    "message": "Assign"
+  },
+  "assignToCollections": {
+    "message": "Assign to collections"
+  },
+  "assignToTheseCollections": {
+    "message": "Assign to these collections"
+  },
+  "bulkCollectionAssignmentDialogDescription": {
+    "message": "Select the collections that the items will be shared with. Once an item is updated in one collection, it will be reflected in all collections. Only organization members with access to these collections will be able to see the items."
+  },
+  "selectCollectionsToAssign": {
+    "message": "Select collections to assign"
+  },
+  "noCollectionsAssigned": {
+    "message": "No collections have been assigned"
+  },
+  "successfullyAssignedCollections": {
+    "message": "Successfully assigned collections"
+  },
+  "bulkCollectionAssignmentWarning": {
+    "message": "You have selected $TOTAL_COUNT$ items. You cannot update $READONLY_COUNT$ of the items because you do not have edit permissions.",
+    "placeholders": {
+      "total_count": {
+        "content": "$1",
+        "example": "10"
+      },
+      "readonly_count": {
+        "content": "$2",
+        "example": "3"
+      }
+    }
+  },
+  "items": {
+    "message": "Items"
   }
 }
diff --git a/apps/web/src/locales/en_GB/messages.json b/apps/web/src/locales/en_GB/messages.json
index a5c475ddb2..d70d6cff23 100644
--- a/apps/web/src/locales/en_GB/messages.json
+++ b/apps/web/src/locales/en_GB/messages.json
@@ -7063,12 +7063,6 @@
   "enforceOnLoginDesc": {
     "message": "Require existing members to change their passwords"
   },
-  "usDomain": {
-    "message": "bitwarden.com"
-  },
-  "euDomain": {
-    "message": "bitwarden.eu"
-  },
   "smProjectDeleteAccessRestricted": {
     "message": "You don't have permissions to delete this project",
     "description": "The individual description shown to the user when the user doesn't have access to delete a project."
@@ -7611,5 +7605,42 @@
   },
   "restrictedCollectionAccess": {
     "message": "You cannot add yourself to collections."
+  },
+  "assign": {
+    "message": "Assign"
+  },
+  "assignToCollections": {
+    "message": "Assign to collections"
+  },
+  "assignToTheseCollections": {
+    "message": "Assign to these collections"
+  },
+  "bulkCollectionAssignmentDialogDescription": {
+    "message": "Select the collections that the items will be shared with. Once an item is updated in one collection, it will be reflected in all collections. Only organization members with access to these collections will be able to see the items."
+  },
+  "selectCollectionsToAssign": {
+    "message": "Select collections to assign"
+  },
+  "noCollectionsAssigned": {
+    "message": "No collections have been assigned"
+  },
+  "successfullyAssignedCollections": {
+    "message": "Successfully assigned collections"
+  },
+  "bulkCollectionAssignmentWarning": {
+    "message": "You have selected $TOTAL_COUNT$ items. You cannot update $READONLY_COUNT$ of the items because you do not have edit permissions.",
+    "placeholders": {
+      "total_count": {
+        "content": "$1",
+        "example": "10"
+      },
+      "readonly_count": {
+        "content": "$2",
+        "example": "3"
+      }
+    }
+  },
+  "items": {
+    "message": "Items"
   }
 }
diff --git a/apps/web/src/locales/en_IN/messages.json b/apps/web/src/locales/en_IN/messages.json
index eed741a600..561d267cab 100644
--- a/apps/web/src/locales/en_IN/messages.json
+++ b/apps/web/src/locales/en_IN/messages.json
@@ -7063,12 +7063,6 @@
   "enforceOnLoginDesc": {
     "message": "Require existing members to change their passwords"
   },
-  "usDomain": {
-    "message": "bitwarden.com"
-  },
-  "euDomain": {
-    "message": "bitwarden.eu"
-  },
   "smProjectDeleteAccessRestricted": {
     "message": "You don't have permissions to delete this project",
     "description": "The individual description shown to the user when the user doesn't have access to delete a project."
@@ -7611,5 +7605,42 @@
   },
   "restrictedCollectionAccess": {
     "message": "You cannot add yourself to collections."
+  },
+  "assign": {
+    "message": "Assign"
+  },
+  "assignToCollections": {
+    "message": "Assign to collections"
+  },
+  "assignToTheseCollections": {
+    "message": "Assign to these collections"
+  },
+  "bulkCollectionAssignmentDialogDescription": {
+    "message": "Select the collections that the items will be shared with. Once an item is updated in one collection, it will be reflected in all collections. Only organization members with access to these collections will be able to see the items."
+  },
+  "selectCollectionsToAssign": {
+    "message": "Select collections to assign"
+  },
+  "noCollectionsAssigned": {
+    "message": "No collections have been assigned"
+  },
+  "successfullyAssignedCollections": {
+    "message": "Successfully assigned collections"
+  },
+  "bulkCollectionAssignmentWarning": {
+    "message": "You have selected $TOTAL_COUNT$ items. You cannot update $READONLY_COUNT$ of the items because you do not have edit permissions.",
+    "placeholders": {
+      "total_count": {
+        "content": "$1",
+        "example": "10"
+      },
+      "readonly_count": {
+        "content": "$2",
+        "example": "3"
+      }
+    }
+  },
+  "items": {
+    "message": "Items"
   }
 }
diff --git a/apps/web/src/locales/eo/messages.json b/apps/web/src/locales/eo/messages.json
index 5f6983250f..d3a9ad414a 100644
--- a/apps/web/src/locales/eo/messages.json
+++ b/apps/web/src/locales/eo/messages.json
@@ -7063,12 +7063,6 @@
   "enforceOnLoginDesc": {
     "message": "Require existing members to change their passwords"
   },
-  "usDomain": {
-    "message": "bitwarden.com"
-  },
-  "euDomain": {
-    "message": "bitwarden.eu"
-  },
   "smProjectDeleteAccessRestricted": {
     "message": "You don't have permissions to delete this project",
     "description": "The individual description shown to the user when the user doesn't have access to delete a project."
@@ -7611,5 +7605,42 @@
   },
   "restrictedCollectionAccess": {
     "message": "You cannot add yourself to collections."
+  },
+  "assign": {
+    "message": "Assign"
+  },
+  "assignToCollections": {
+    "message": "Assign to collections"
+  },
+  "assignToTheseCollections": {
+    "message": "Assign to these collections"
+  },
+  "bulkCollectionAssignmentDialogDescription": {
+    "message": "Select the collections that the items will be shared with. Once an item is updated in one collection, it will be reflected in all collections. Only organization members with access to these collections will be able to see the items."
+  },
+  "selectCollectionsToAssign": {
+    "message": "Select collections to assign"
+  },
+  "noCollectionsAssigned": {
+    "message": "No collections have been assigned"
+  },
+  "successfullyAssignedCollections": {
+    "message": "Successfully assigned collections"
+  },
+  "bulkCollectionAssignmentWarning": {
+    "message": "You have selected $TOTAL_COUNT$ items. You cannot update $READONLY_COUNT$ of the items because you do not have edit permissions.",
+    "placeholders": {
+      "total_count": {
+        "content": "$1",
+        "example": "10"
+      },
+      "readonly_count": {
+        "content": "$2",
+        "example": "3"
+      }
+    }
+  },
+  "items": {
+    "message": "Items"
   }
 }
diff --git a/apps/web/src/locales/es/messages.json b/apps/web/src/locales/es/messages.json
index 15d894348e..250614565d 100644
--- a/apps/web/src/locales/es/messages.json
+++ b/apps/web/src/locales/es/messages.json
@@ -7063,12 +7063,6 @@
   "enforceOnLoginDesc": {
     "message": "Requiere que los miembros existentes cambien sus contraseñas"
   },
-  "usDomain": {
-    "message": "bitwarden.com"
-  },
-  "euDomain": {
-    "message": "bitwarden.eu"
-  },
   "smProjectDeleteAccessRestricted": {
     "message": "No tiene permisos para eliminar este proyecto",
     "description": "The individual description shown to the user when the user doesn't have access to delete a project."
@@ -7611,5 +7605,42 @@
   },
   "restrictedCollectionAccess": {
     "message": "You cannot add yourself to collections."
+  },
+  "assign": {
+    "message": "Assign"
+  },
+  "assignToCollections": {
+    "message": "Assign to collections"
+  },
+  "assignToTheseCollections": {
+    "message": "Assign to these collections"
+  },
+  "bulkCollectionAssignmentDialogDescription": {
+    "message": "Select the collections that the items will be shared with. Once an item is updated in one collection, it will be reflected in all collections. Only organization members with access to these collections will be able to see the items."
+  },
+  "selectCollectionsToAssign": {
+    "message": "Select collections to assign"
+  },
+  "noCollectionsAssigned": {
+    "message": "No collections have been assigned"
+  },
+  "successfullyAssignedCollections": {
+    "message": "Successfully assigned collections"
+  },
+  "bulkCollectionAssignmentWarning": {
+    "message": "You have selected $TOTAL_COUNT$ items. You cannot update $READONLY_COUNT$ of the items because you do not have edit permissions.",
+    "placeholders": {
+      "total_count": {
+        "content": "$1",
+        "example": "10"
+      },
+      "readonly_count": {
+        "content": "$2",
+        "example": "3"
+      }
+    }
+  },
+  "items": {
+    "message": "Items"
   }
 }
diff --git a/apps/web/src/locales/et/messages.json b/apps/web/src/locales/et/messages.json
index a4118b887c..1866c649e4 100644
--- a/apps/web/src/locales/et/messages.json
+++ b/apps/web/src/locales/et/messages.json
@@ -7063,12 +7063,6 @@
   "enforceOnLoginDesc": {
     "message": "Require existing members to change their passwords"
   },
-  "usDomain": {
-    "message": "bitwarden.com"
-  },
-  "euDomain": {
-    "message": "bitwarden.eu"
-  },
   "smProjectDeleteAccessRestricted": {
     "message": "You don't have permissions to delete this project",
     "description": "The individual description shown to the user when the user doesn't have access to delete a project."
@@ -7611,5 +7605,42 @@
   },
   "restrictedCollectionAccess": {
     "message": "You cannot add yourself to collections."
+  },
+  "assign": {
+    "message": "Assign"
+  },
+  "assignToCollections": {
+    "message": "Assign to collections"
+  },
+  "assignToTheseCollections": {
+    "message": "Assign to these collections"
+  },
+  "bulkCollectionAssignmentDialogDescription": {
+    "message": "Select the collections that the items will be shared with. Once an item is updated in one collection, it will be reflected in all collections. Only organization members with access to these collections will be able to see the items."
+  },
+  "selectCollectionsToAssign": {
+    "message": "Select collections to assign"
+  },
+  "noCollectionsAssigned": {
+    "message": "No collections have been assigned"
+  },
+  "successfullyAssignedCollections": {
+    "message": "Successfully assigned collections"
+  },
+  "bulkCollectionAssignmentWarning": {
+    "message": "You have selected $TOTAL_COUNT$ items. You cannot update $READONLY_COUNT$ of the items because you do not have edit permissions.",
+    "placeholders": {
+      "total_count": {
+        "content": "$1",
+        "example": "10"
+      },
+      "readonly_count": {
+        "content": "$2",
+        "example": "3"
+      }
+    }
+  },
+  "items": {
+    "message": "Items"
   }
 }
diff --git a/apps/web/src/locales/eu/messages.json b/apps/web/src/locales/eu/messages.json
index 285d95582c..0c35039424 100644
--- a/apps/web/src/locales/eu/messages.json
+++ b/apps/web/src/locales/eu/messages.json
@@ -7063,12 +7063,6 @@
   "enforceOnLoginDesc": {
     "message": "Require existing members to change their passwords"
   },
-  "usDomain": {
-    "message": "bitwarden.com"
-  },
-  "euDomain": {
-    "message": "bitwarden.eu"
-  },
   "smProjectDeleteAccessRestricted": {
     "message": "You don't have permissions to delete this project",
     "description": "The individual description shown to the user when the user doesn't have access to delete a project."
@@ -7611,5 +7605,42 @@
   },
   "restrictedCollectionAccess": {
     "message": "You cannot add yourself to collections."
+  },
+  "assign": {
+    "message": "Assign"
+  },
+  "assignToCollections": {
+    "message": "Assign to collections"
+  },
+  "assignToTheseCollections": {
+    "message": "Assign to these collections"
+  },
+  "bulkCollectionAssignmentDialogDescription": {
+    "message": "Select the collections that the items will be shared with. Once an item is updated in one collection, it will be reflected in all collections. Only organization members with access to these collections will be able to see the items."
+  },
+  "selectCollectionsToAssign": {
+    "message": "Select collections to assign"
+  },
+  "noCollectionsAssigned": {
+    "message": "No collections have been assigned"
+  },
+  "successfullyAssignedCollections": {
+    "message": "Successfully assigned collections"
+  },
+  "bulkCollectionAssignmentWarning": {
+    "message": "You have selected $TOTAL_COUNT$ items. You cannot update $READONLY_COUNT$ of the items because you do not have edit permissions.",
+    "placeholders": {
+      "total_count": {
+        "content": "$1",
+        "example": "10"
+      },
+      "readonly_count": {
+        "content": "$2",
+        "example": "3"
+      }
+    }
+  },
+  "items": {
+    "message": "Items"
   }
 }
diff --git a/apps/web/src/locales/fa/messages.json b/apps/web/src/locales/fa/messages.json
index 2ce2bb10be..2c3d10c6a8 100644
--- a/apps/web/src/locales/fa/messages.json
+++ b/apps/web/src/locales/fa/messages.json
@@ -7063,12 +7063,6 @@
   "enforceOnLoginDesc": {
     "message": "از اعضای موجود بخواهید کلمه‌های عبور خود را تغییر دهند"
   },
-  "usDomain": {
-    "message": "bitwarden.com"
-  },
-  "euDomain": {
-    "message": "bitwarden.eu"
-  },
   "smProjectDeleteAccessRestricted": {
     "message": "شما مجوز حذف این پروژه را ندارید",
     "description": "The individual description shown to the user when the user doesn't have access to delete a project."
@@ -7611,5 +7605,42 @@
   },
   "restrictedCollectionAccess": {
     "message": "You cannot add yourself to collections."
+  },
+  "assign": {
+    "message": "Assign"
+  },
+  "assignToCollections": {
+    "message": "Assign to collections"
+  },
+  "assignToTheseCollections": {
+    "message": "Assign to these collections"
+  },
+  "bulkCollectionAssignmentDialogDescription": {
+    "message": "Select the collections that the items will be shared with. Once an item is updated in one collection, it will be reflected in all collections. Only organization members with access to these collections will be able to see the items."
+  },
+  "selectCollectionsToAssign": {
+    "message": "Select collections to assign"
+  },
+  "noCollectionsAssigned": {
+    "message": "No collections have been assigned"
+  },
+  "successfullyAssignedCollections": {
+    "message": "Successfully assigned collections"
+  },
+  "bulkCollectionAssignmentWarning": {
+    "message": "You have selected $TOTAL_COUNT$ items. You cannot update $READONLY_COUNT$ of the items because you do not have edit permissions.",
+    "placeholders": {
+      "total_count": {
+        "content": "$1",
+        "example": "10"
+      },
+      "readonly_count": {
+        "content": "$2",
+        "example": "3"
+      }
+    }
+  },
+  "items": {
+    "message": "Items"
   }
 }
diff --git a/apps/web/src/locales/fi/messages.json b/apps/web/src/locales/fi/messages.json
index 728bae1172..43bbf01847 100644
--- a/apps/web/src/locales/fi/messages.json
+++ b/apps/web/src/locales/fi/messages.json
@@ -7063,12 +7063,6 @@
   "enforceOnLoginDesc": {
     "message": "Vaadi nykyisiä jäseniä vaihtamaan salasanansa"
   },
-  "usDomain": {
-    "message": "bitwarden.com"
-  },
-  "euDomain": {
-    "message": "bitwarden.eu"
-  },
   "smProjectDeleteAccessRestricted": {
     "message": "Käyttöoikeutesi eivät salli tämän projektin poistamista",
     "description": "The individual description shown to the user when the user doesn't have access to delete a project."
@@ -7607,9 +7601,46 @@
     "message": "Toimittajaportaali"
   },
   "restrictedGroupAccess": {
-    "message": "You cannot add yourself to groups."
+    "message": "Et voi lisätä itseäsi ryhmiin."
   },
   "restrictedCollectionAccess": {
-    "message": "You cannot add yourself to collections."
+    "message": "Et voi lisätä itseäsi kokoelmiin."
+  },
+  "assign": {
+    "message": "Määritä"
+  },
+  "assignToCollections": {
+    "message": "Määritä kokoelmiin"
+  },
+  "assignToTheseCollections": {
+    "message": "Määritä näihin kokoelmiin"
+  },
+  "bulkCollectionAssignmentDialogDescription": {
+    "message": "Valitse kokoelmat, joihin kohteet jaetaan. Kun kohdetta muokataan yhdessä kokoelmassa, päivittyy muutos kaikkiin kokoelmiin. Kohteet näkyvät vain niille organisaation jäsenille, joilla on näiden kokoelmien käyttöoikeus."
+  },
+  "selectCollectionsToAssign": {
+    "message": "Valitse määritettävät kokoelmat"
+  },
+  "noCollectionsAssigned": {
+    "message": "Kokoelmia ei ole määritetty"
+  },
+  "successfullyAssignedCollections": {
+    "message": "Kokoelmat on määritetty"
+  },
+  "bulkCollectionAssignmentWarning": {
+    "message": "Olet valinnut $TOTAL_COUNT$ kohdetta. Et voi muuttaa näistä $READONLY_COUNT$ kohdetta, koska käyttöoikeutesi eivät riitä niiden muokkaukseen.",
+    "placeholders": {
+      "total_count": {
+        "content": "$1",
+        "example": "10"
+      },
+      "readonly_count": {
+        "content": "$2",
+        "example": "3"
+      }
+    }
+  },
+  "items": {
+    "message": "Kohteet"
   }
 }
diff --git a/apps/web/src/locales/fil/messages.json b/apps/web/src/locales/fil/messages.json
index cf32d1abd2..bfcdccc7a2 100644
--- a/apps/web/src/locales/fil/messages.json
+++ b/apps/web/src/locales/fil/messages.json
@@ -7063,12 +7063,6 @@
   "enforceOnLoginDesc": {
     "message": "Require existing members to change their passwords"
   },
-  "usDomain": {
-    "message": "bitwarden.com"
-  },
-  "euDomain": {
-    "message": "bitwarden.eu"
-  },
   "smProjectDeleteAccessRestricted": {
     "message": "You don't have permissions to delete this project",
     "description": "The individual description shown to the user when the user doesn't have access to delete a project."
@@ -7611,5 +7605,42 @@
   },
   "restrictedCollectionAccess": {
     "message": "You cannot add yourself to collections."
+  },
+  "assign": {
+    "message": "Assign"
+  },
+  "assignToCollections": {
+    "message": "Assign to collections"
+  },
+  "assignToTheseCollections": {
+    "message": "Assign to these collections"
+  },
+  "bulkCollectionAssignmentDialogDescription": {
+    "message": "Select the collections that the items will be shared with. Once an item is updated in one collection, it will be reflected in all collections. Only organization members with access to these collections will be able to see the items."
+  },
+  "selectCollectionsToAssign": {
+    "message": "Select collections to assign"
+  },
+  "noCollectionsAssigned": {
+    "message": "No collections have been assigned"
+  },
+  "successfullyAssignedCollections": {
+    "message": "Successfully assigned collections"
+  },
+  "bulkCollectionAssignmentWarning": {
+    "message": "You have selected $TOTAL_COUNT$ items. You cannot update $READONLY_COUNT$ of the items because you do not have edit permissions.",
+    "placeholders": {
+      "total_count": {
+        "content": "$1",
+        "example": "10"
+      },
+      "readonly_count": {
+        "content": "$2",
+        "example": "3"
+      }
+    }
+  },
+  "items": {
+    "message": "Items"
   }
 }
diff --git a/apps/web/src/locales/fr/messages.json b/apps/web/src/locales/fr/messages.json
index 459e63bf49..9cc40e4133 100644
--- a/apps/web/src/locales/fr/messages.json
+++ b/apps/web/src/locales/fr/messages.json
@@ -624,7 +624,7 @@
     "message": "Utiliser une méthode de connexion différente"
   },
   "loginWithPasskey": {
-    "message": "Se connecter avec la clé d'accès"
+    "message": "Se connecter avec une clé d'accès"
   },
   "invalidPasskeyPleaseTryAgain": {
     "message": "Passkey invalide. Veuillez réessayer de nouveau."
@@ -633,7 +633,7 @@
     "message": "La 2FA pour les Passkey n'est pas pris en charge. Mettez à jour l'application pour vous connecter."
   },
   "loginWithPasskeyInfo": {
-    "message": "Utilisez une clé d'accès générée qui vous connectera automatiquement sans mot de passe. Les fonctions biométriques, comme la reconnaissance faciale, l'empreinte digitale, ou une autre méthode de sécurité FIDO2 vérifiera votre identité."
+    "message": "Utilisez une clé d'accès générée qui vous connectera automatiquement sans mot de passe. La biométrie, comme la reconnaissance faciale ou les empreintes digitales, ou une autre méthode de sécurité FIDO2 vérifiera votre identité."
   },
   "newPasskey": {
     "message": "Nouvelle clé d'accès"
@@ -678,7 +678,7 @@
     "message": "Utilisé pour le chiffrement"
   },
   "loginWithPasskeyEnabled": {
-    "message": "Se connecter avec la clé d'accès activée"
+    "message": "Se connecter avec une clé d'accès activée"
   },
   "passkeySaved": {
     "message": "$NAME$ a été enregistrée",
@@ -738,7 +738,7 @@
     "message": "Le mot de passe principal est le mot de passe que vous utilisez pour accéder à votre coffre. Il est très important de ne pas oublier votre mot de passe principal. Il n'existe aucun moyen de récupérer le mot de passe si vous l'oubliez."
   },
   "masterPassImportant": {
-    "message": "Le mot de passe principal ne peut pas être récupéré si vous l'oubliez !"
+    "message": "Votre mot de passe principal ne peut pas être récupéré si vous l'oubliez !"
   },
   "masterPassHintDesc": {
     "message": "Un indice de mot de passe principal peut vous aider à vous souvenir de votre mot de passe si vous l'oubliez."
@@ -1084,7 +1084,7 @@
     "message": "Format de fichier"
   },
   "fileEncryptedExportWarningDesc": {
-    "message": "Ce fichier d'exportation sera protégé par mot de passe et nécessitera le mot de passe pour que le fichier soit déchiffré."
+    "message": "L'export de ce fichier sera protégé par un mot de passe et nécessitera le mot de passe du fichier pour être déchiffré."
   },
   "exportPasswordDescription": {
     "message": "Ce mot de passe sera utilisé pour exporter et importer ce fichier"
@@ -1093,7 +1093,7 @@
     "message": "Confirmer le mot de passe principal"
   },
   "confirmFormat": {
-    "message": "Confirmer le Format"
+    "message": "Confirmer le format"
   },
   "filePassword": {
     "message": "Mot de Passe du Fichier"
@@ -1114,7 +1114,7 @@
     "message": "Restreint à ce compte"
   },
   "passwordProtected": {
-    "message": "Protégé par Mot de Passe"
+    "message": "Protégé par mot de passe"
   },
   "filePasswordAndConfirmFilePasswordDoNotMatch": {
     "message": "Le \"Mot de Passe\" et le \"Mot de Passe Confirmé\" ne correspondent pas."
@@ -1123,7 +1123,7 @@
     "message": "Confirmer l'Importation du Coffre"
   },
   "confirmVaultImportDesc": {
-    "message": "Ce fichier est protégé par mot de passe. Veuillez entrer le mot de passe du fichier pour importer des données."
+    "message": "Ce fichier est protégé par un mot de passe. Veuillez saisir le mot de passe du fichier pour importer les données."
   },
   "exportSuccess": {
     "message": "Les données de votre coffre-fort ont été exportées."
@@ -1145,7 +1145,7 @@
     "message": "Éviter les caractères ambigus"
   },
   "regeneratePassword": {
-    "message": "Regénérer un mot de passe"
+    "message": "Régénérer un mot de passe"
   },
   "length": {
     "message": "Longueur"
@@ -1437,7 +1437,7 @@
     "message": "Sélectionnez le fichier à importer"
   },
   "chooseFile": {
-    "message": "Choisir le fichier"
+    "message": "Choisir un fichier"
   },
   "noFileChosen": {
     "message": "Aucun fichier choisi"
@@ -1486,7 +1486,7 @@
     "message": "Règles de domaine"
   },
   "domainRulesDesc": {
-    "message": "Si vous avez un même identifiant sur plusieurs noms de domaines différents, vous pouvez marquer le site web comme \"équivalent\". Des domaines \"globaux\" sont déjà créés pour vous par Bitwarden."
+    "message": "Si vous avez le même identifiant sur plusieurs domaines de sites web différents, vous pouvez marquer le site web comme \"équivalent\". Les domaines \"globaux\" sont ceux qui ont déjà été créés pour vous par Bitwarden."
   },
   "globalEqDomains": {
     "message": "Domaines équivalents globaux"
@@ -1547,7 +1547,7 @@
     "message": "Si vous avez configuré SSO ou si vous prévoyez de le faire, l'authentification à deux facteurs peut déjà être imposée via votre fournisseur d'identité."
   },
   "twoStepLoginRecoveryWarning": {
-    "message": "La configuration d'un système d'authentification à deux facteurs peut définitivement verrouiler l'accès à votre compte Bitwarden. Un code de récupération vous permet d'accéder à votre compte dans le cas où vous ne pouvez plus utiliser votre fournisseur normal d'authentification à deux facteurs (exemple : vous perdez votre appareil). L'assistance de Bitwarden ne pourra pas vous aider si vous perdez l'accès à votre compte. Nous vous recommandons de noter ou d'imprimer le code de récupération et de le conserver dans un lieu sûr."
+    "message": "La configuration d'un système d'authentification à deux facteurs peut définitivement vous verrouiller l'accès à votre compte Bitwarden. Un code de récupération vous permet d'accéder à votre compte dans le cas où vous ne pourriez plus utiliser votre fournisseur normal d'authentification à deux facteurs (exemple : vous perdez votre appareil). L'assistance de Bitwarden ne pourra pas vous aider si vous perdez l'accès à votre compte. Nous vous recommandons de noter ou d'imprimer le code de récupération et de le conserver en lieu sûr."
   },
   "viewRecoveryCode": {
     "message": "Voir le code de récupération"
@@ -1793,7 +1793,7 @@
     "message": "Rapports"
   },
   "reportsDesc": {
-    "message": "Identifiez et fermez les trous de sécurité dans vos comptes en ligne en cliquant sur les rapports ci-dessous.",
+    "message": "Identifiez et comblez les failles de sécurité de vos comptes en ligne en cliquant sur les rapports ci-dessous.",
     "description": "Vault health reports can be used to evaluate the security of your Bitwarden individual or organization vault."
   },
   "orgsReportsDesc": {
@@ -1801,10 +1801,10 @@
     "description": "Vault health reports can be used to evaluate the security of your Bitwarden individual or organization vault."
   },
   "unsecuredWebsitesReport": {
-    "message": "Rapport sur les sites web non sécurisés"
+    "message": "Sites web non sécurisés"
   },
   "unsecuredWebsitesReportDesc": {
-    "message": "L'utilisation de sites Web non sécurisés avec le schéma http:// peut être dangereuse. Si le site Web le permet, vous devriez toujours y accéder en utilisant le schéma https:// afin que votre connexion soit chiffrée."
+    "message": "Les URL qui commencent par http:// n'utilisent pas le meilleur chiffrement disponible. Modifiez les URI de connexion de ces comptes en https:// pour une navigation plus sûre."
   },
   "unsecuredWebsitesFound": {
     "message": "Sites web non sécurisés trouvés"
@@ -1846,7 +1846,7 @@
     "message": "Instructions"
   },
   "exposedPasswordsReport": {
-    "message": "Rapport sur les mots de passe exposés"
+    "message": "Mots de passe exposés"
   },
   "exposedPasswordsReportDesc": {
     "message": "Les mots de passe exposés lors d'une brèche de données sont des cibles faciles pour les attaquants. Changez ces mots de passe pour éviter des intrusions potentielles."
@@ -1879,10 +1879,10 @@
     }
   },
   "weakPasswordsReport": {
-    "message": "Rapport sur les mots de passe faibles"
+    "message": "Mots de passe faibles"
   },
   "weakPasswordsReportDesc": {
-    "message": "Les mots de passe faibles peuvent être facilement devinés par des pirates informatiques et des outils automatisés qui sont utilisés pour pirater les mots de passe. Le générateur de mots de passe Bitwarden peut vous aider à créer des mots de passe forts."
+    "message": "Les mots de passe faibles peuvent être facilement devinés par les assaillants. Remplacez ces mots de passe par des mots de passe robustes à l'aide du générateur de mots de passe."
   },
   "weakPasswordsFound": {
     "message": "Mots de passe faibles trouvés"
@@ -1900,10 +1900,10 @@
     "message": "Aucun élément dans votre coffre n'a de mots de passe faibles."
   },
   "reusedPasswordsReport": {
-    "message": "Rapport sur les mots de passe réutilisés"
+    "message": "Mots de passe réutilisés"
   },
   "reusedPasswordsReportDesc": {
-    "message": "Si un service que vous utilisez est compromis, la réutilisation du même mot de passe ailleurs peut permettre aux pirates d'accéder facilement à un plus grand nombre de vos comptes en ligne. Vous devriez utiliser un mot de passe unique pour chaque compte ou service."
+    "message": "La réutilisation des mots de passe permet aux assaillants de s'introduire plus facilement dans plusieurs comptes. Modifiez ces mots de passe afin que chacun soit unique."
   },
   "reusedPasswordsFound": {
     "message": "Mots de passe réutilisés trouvés"
@@ -1930,10 +1930,10 @@
     }
   },
   "dataBreachReport": {
-    "message": "Rapport sur les fuites de données"
+    "message": "Brèches de données"
   },
   "breachDesc": {
-    "message": "Les comptes ayant fait l'objet d'une brèche de données peuvent exposer vos informations personnelles. Sécurisez les comptes ayant fait l'objet d'une brèche de données en activant la fonction 2FA ou en créant un mot de passe plus robuste."
+    "message": "Les comptes ayant fait l'objet d'une brèche de données peuvent exposer vos informations personnelles. Sécurisez les comptes ayant fait l'objet d'une brèche de données en activant le 2FA ou en créant un mot de passe plus robuste."
   },
   "breachCheckUsernameEmail": {
     "message": "Vérifiez tous les noms d'utilisateur ou adresses électroniques que vous utilisez."
@@ -2290,7 +2290,7 @@
     "description": "Noun. A refunded payment that was charged."
   },
   "chargesStatement": {
-    "message": "Tous les frais apparaîtront sur votre relevé sous $STATEMENT_NAME$.",
+    "message": "Tous les frais apparaîtront sur votre relevé en tant que $STATEMENT_NAME$.",
     "placeholders": {
       "statement_name": {
         "content": "$1",
@@ -3675,7 +3675,7 @@
     "message": "Délai d'expiration du coffre"
   },
   "vaultTimeoutDesc": {
-    "message": "Choisissez quand votre coffre expirera et effectuera l'action sélectionnée."
+    "message": "Choisissez quand votre coffre entreprendra l'action après le délai d'expiration du coffre."
   },
   "vaultTimeoutLogoutDesc": {
     "message": "Choisissez quand votre coffre sera déconnecté."
@@ -3769,10 +3769,10 @@
     "message": "Le mot de passe principal que vous avez choisi est faible. Vous devriez utiliser un mot de passe principal fort (ou une phrase de passe) pour protéger correctement votre compte Bitwarden. Êtes-vous sûr de vouloir utiliser ce mot de passe principal ?"
   },
   "rotateAccountEncKey": {
-    "message": "Révoquer également la clé de chiffrement de mon compte"
+    "message": "Régénérer également la clé de chiffrement de mon compte"
   },
   "rotateEncKeyTitle": {
-    "message": "Faire pivoter la clé de chiffrement"
+    "message": "Régénérer la clé de chiffrement"
   },
   "rotateEncKeyConfirmation": {
     "message": "Êtes-vous sûr de vouloir révoquer la clé de chiffrement de votre compte ?"
@@ -3788,10 +3788,10 @@
     "description": "This is a verb. ex. 'Fix The Car'"
   },
   "oldAttachmentsNeedFixDesc": {
-    "message": "Il y a d'anciennes pièces jointes dans votre coffre qui doivent être réparées avant que vous ne puissiez révoquer la clé de chiffrement de votre compte."
+    "message": "Il y a d'anciennes pièces jointes dans votre coffre qui doivent être réparées avant que vous ne puissiez régénérer la clé de chiffrement de votre compte."
   },
   "yourAccountsFingerprint": {
-    "message": "La phrase d'empreinte de votre compte",
+    "message": "Phrase d'empreinte de votre compte",
     "description": "A 'fingerprint phrase' is a unique word phrase (similar to a passphrase) that a user can use to authenticate their public key with another user, for the purposes of sharing."
   },
   "fingerprintEnsureIntegrityVerify": {
@@ -4273,7 +4273,7 @@
     "message": "Accès d'urgence"
   },
   "emergencyAccessDesc": {
-    "message": "Accorder et gérer l'accès d'urgence pour les contacts de confiance. Les contacts de confiance peuvent demander l'accès à votre compte pour l'afficher ou en prendre le contrôle en cas d'urgence. Visitez notre page d'aide pour plus d'informations et de détails sur le fonctionnement du partage à divulgation nulle de connaissance."
+    "message": "Accordez et gérez l'accès d'urgence pour les contacts de confiance. Les contacts de confiance peuvent demander l'accès pour afficher ou reprendre le contrôle de votre compte en cas d'urgence. Consultez notre page d'aide pour plus d'informations et de détails sur le fonctionnement du partage à divulgation nulle de connaissance (zero knowledge sharing)."
   },
   "emergencyAccessOwnerWarning": {
     "message": "Vous êtes propriétaire d'une ou de plusieurs organisations. Si vous autorisez la prise de contrôle à un contact d'urgence, il sera en mesure d'utiliser toutes vos permissions de propriétaire après la prise de contrôle."
@@ -5513,7 +5513,7 @@
     "message": "Générer le Jeton"
   },
   "rotateToken": {
-    "message": "Permiter le Jeton"
+    "message": "Régénérer le jeton"
   },
   "rotateBillingSyncTokenWarning": {
     "message": "Si vous continuez, vous devrez reconfigurer la synchronisation de facturation sur votre serveur auto-hébergé."
@@ -5528,7 +5528,7 @@
     "message": "Pour configurer votre organisation sur votre propre serveur, vous devrez télécharger votre fichier de licence. Pour prendre en charge les forfaits Familles Gratuits et les fonctionnalités avancées de facturation pour votre organisation auto-hébergée, vous devrez configurer la synchronisation de facturation."
   },
   "billingSyncApiKeyRotated": {
-    "message": "Jeton permuté."
+    "message": "Jeton régénéré"
   },
   "billingSyncDesc": {
     "message": "La Synchronisation de Facturation fournit des forfaits Familles Gratuits pour les membres et des capacités de facturation avancées en liant votre Bitwarden auto-hébergé au serveur cloud Bitwarden."
@@ -5658,7 +5658,7 @@
     "message": "Historique de facturation"
   },
   "backToReports": {
-    "message": "Retour aux Rapports"
+    "message": "Retour aux rapports"
   },
   "organizationPicker": {
     "message": "Sélecteur d'organisation"
@@ -5838,11 +5838,11 @@
     "description": "the text, 'SCIM' and 'API', are acronymns and should not be translated."
   },
   "rotateScimKeyWarning": {
-    "message": "Êtes-vous sûr de vouloir régénérer la clé API du SCIM ? La clé actuelle ne fonctionnera plus pour les intégrations existantes.",
+    "message": "Êtes-vous sûr de vouloir régénérer la clé API SCIM ? La clé actuelle ne fonctionnera plus pour aucune intégration existante.",
     "description": "the text, 'SCIM' and 'API', are acronymns and should not be translated."
   },
   "rotateKey": {
-    "message": "Pivoter la Clé"
+    "message": "Régénérer la clé"
   },
   "scimApiKey": {
     "message": "Clé API SCIM",
@@ -6881,7 +6881,7 @@
     "message": "Mettez à jour vos paramètres de chiffrement pour répondre à de nouvelles recommandations de sécurité et améliorer la protection de votre compte."
   },
   "changeKdfLoggedOutWarning": {
-    "message": "En poursuivant, vous serez déconnecté de toutes les sessions actives. Vous devrez vous reconnecter et terminer le paramétrage de l'authentification à deux facteurs. Nous vous recommandons d'exporter votre coffre avant de modifier vos paramètres de chiffrement afin d'éviter toute perte de données."
+    "message": "En poursuivant, vous serez déconnecté de toutes les sessions actives. Vous devrez vous reconnecter et terminer la configuration de l'authentification à deux facteurs. Nous vous recommandons d'exporter votre coffre avant de modifier vos paramètres de chiffrement afin d'éviter toute perte de données."
   },
   "secretsManager": {
     "message": "Secrets Manager"
@@ -7063,12 +7063,6 @@
   "enforceOnLoginDesc": {
     "message": "Exiger que les membres existants changent leurs mots de passe"
   },
-  "usDomain": {
-    "message": "bitwarden.com"
-  },
-  "euDomain": {
-    "message": "bitwarden.eu"
-  },
   "smProjectDeleteAccessRestricted": {
     "message": "Vous n'avez pas les droits pour supprimer ce projet",
     "description": "The individual description shown to the user when the user doesn't have access to delete a project."
@@ -7408,13 +7402,13 @@
     "message": "Paramètre de gestion de la collection mis à jour"
   },
   "passwordManagerPlanPrice": {
-    "message": "Prix du plan du Gestionnaire de Mots de Passe"
+    "message": "Prix du plan Password Manager"
   },
   "secretsManagerPlanPrice": {
     "message": "Prix du plan du Secrets Manager"
   },
   "passwordManager": {
-    "message": "Gestionnaire de Mots de Passe"
+    "message": "Password Manager"
   },
   "freeOrganization": {
     "message": "Organisation gratuite"
@@ -7607,9 +7601,46 @@
     "message": "Portail fournisseur"
   },
   "restrictedGroupAccess": {
-    "message": "You cannot add yourself to groups."
+    "message": "Vous ne pouvez vous ajoutez vous-même aux groupes."
   },
   "restrictedCollectionAccess": {
-    "message": "You cannot add yourself to collections."
+    "message": "Vous ne pouvez vous ajoutez vous-même aux collections."
+  },
+  "assign": {
+    "message": "Assigner"
+  },
+  "assignToCollections": {
+    "message": "Assigner aux collections"
+  },
+  "assignToTheseCollections": {
+    "message": "Assigner à ces collections"
+  },
+  "bulkCollectionAssignmentDialogDescription": {
+    "message": "Sélectionnez les collections avec lesquelles les éléments seront partagés. Une fois qu'un élément est mis à jour dans une collection, il le sera aussi dans toutes ces collections. Seuls les membres de l'organisation ayant accès à ces collections pourront voir les éléments."
+  },
+  "selectCollectionsToAssign": {
+    "message": "Sélectionnez les collections à assigner"
+  },
+  "noCollectionsAssigned": {
+    "message": "Aucune collection n'a été assignée"
+  },
+  "successfullyAssignedCollections": {
+    "message": "Collections assignées avec succès"
+  },
+  "bulkCollectionAssignmentWarning": {
+    "message": "Vous avez sélectionné $TOTAL_COUNT$ éléments. Vous ne pouvez pas mettre à jour $READONLY_COUNT$ de ces éléments parce que vous n'avez pas les autorisations pour les éditer.",
+    "placeholders": {
+      "total_count": {
+        "content": "$1",
+        "example": "10"
+      },
+      "readonly_count": {
+        "content": "$2",
+        "example": "3"
+      }
+    }
+  },
+  "items": {
+    "message": "Éléments"
   }
 }
diff --git a/apps/web/src/locales/gl/messages.json b/apps/web/src/locales/gl/messages.json
index 65bb71e854..ad51cf605f 100644
--- a/apps/web/src/locales/gl/messages.json
+++ b/apps/web/src/locales/gl/messages.json
@@ -7063,12 +7063,6 @@
   "enforceOnLoginDesc": {
     "message": "Require existing members to change their passwords"
   },
-  "usDomain": {
-    "message": "bitwarden.com"
-  },
-  "euDomain": {
-    "message": "bitwarden.eu"
-  },
   "smProjectDeleteAccessRestricted": {
     "message": "You don't have permissions to delete this project",
     "description": "The individual description shown to the user when the user doesn't have access to delete a project."
@@ -7611,5 +7605,42 @@
   },
   "restrictedCollectionAccess": {
     "message": "You cannot add yourself to collections."
+  },
+  "assign": {
+    "message": "Assign"
+  },
+  "assignToCollections": {
+    "message": "Assign to collections"
+  },
+  "assignToTheseCollections": {
+    "message": "Assign to these collections"
+  },
+  "bulkCollectionAssignmentDialogDescription": {
+    "message": "Select the collections that the items will be shared with. Once an item is updated in one collection, it will be reflected in all collections. Only organization members with access to these collections will be able to see the items."
+  },
+  "selectCollectionsToAssign": {
+    "message": "Select collections to assign"
+  },
+  "noCollectionsAssigned": {
+    "message": "No collections have been assigned"
+  },
+  "successfullyAssignedCollections": {
+    "message": "Successfully assigned collections"
+  },
+  "bulkCollectionAssignmentWarning": {
+    "message": "You have selected $TOTAL_COUNT$ items. You cannot update $READONLY_COUNT$ of the items because you do not have edit permissions.",
+    "placeholders": {
+      "total_count": {
+        "content": "$1",
+        "example": "10"
+      },
+      "readonly_count": {
+        "content": "$2",
+        "example": "3"
+      }
+    }
+  },
+  "items": {
+    "message": "Items"
   }
 }
diff --git a/apps/web/src/locales/he/messages.json b/apps/web/src/locales/he/messages.json
index c5c73ea8cd..0c8316fe49 100644
--- a/apps/web/src/locales/he/messages.json
+++ b/apps/web/src/locales/he/messages.json
@@ -7063,12 +7063,6 @@
   "enforceOnLoginDesc": {
     "message": "Require existing members to change their passwords"
   },
-  "usDomain": {
-    "message": "bitwarden.com"
-  },
-  "euDomain": {
-    "message": "bitwarden.eu"
-  },
   "smProjectDeleteAccessRestricted": {
     "message": "You don't have permissions to delete this project",
     "description": "The individual description shown to the user when the user doesn't have access to delete a project."
@@ -7611,5 +7605,42 @@
   },
   "restrictedCollectionAccess": {
     "message": "You cannot add yourself to collections."
+  },
+  "assign": {
+    "message": "Assign"
+  },
+  "assignToCollections": {
+    "message": "Assign to collections"
+  },
+  "assignToTheseCollections": {
+    "message": "Assign to these collections"
+  },
+  "bulkCollectionAssignmentDialogDescription": {
+    "message": "Select the collections that the items will be shared with. Once an item is updated in one collection, it will be reflected in all collections. Only organization members with access to these collections will be able to see the items."
+  },
+  "selectCollectionsToAssign": {
+    "message": "Select collections to assign"
+  },
+  "noCollectionsAssigned": {
+    "message": "No collections have been assigned"
+  },
+  "successfullyAssignedCollections": {
+    "message": "Successfully assigned collections"
+  },
+  "bulkCollectionAssignmentWarning": {
+    "message": "You have selected $TOTAL_COUNT$ items. You cannot update $READONLY_COUNT$ of the items because you do not have edit permissions.",
+    "placeholders": {
+      "total_count": {
+        "content": "$1",
+        "example": "10"
+      },
+      "readonly_count": {
+        "content": "$2",
+        "example": "3"
+      }
+    }
+  },
+  "items": {
+    "message": "Items"
   }
 }
diff --git a/apps/web/src/locales/hi/messages.json b/apps/web/src/locales/hi/messages.json
index 3371cb837a..b00c912d7a 100644
--- a/apps/web/src/locales/hi/messages.json
+++ b/apps/web/src/locales/hi/messages.json
@@ -7063,12 +7063,6 @@
   "enforceOnLoginDesc": {
     "message": "Require existing members to change their passwords"
   },
-  "usDomain": {
-    "message": "bitwarden.com"
-  },
-  "euDomain": {
-    "message": "bitwarden.eu"
-  },
   "smProjectDeleteAccessRestricted": {
     "message": "You don't have permissions to delete this project",
     "description": "The individual description shown to the user when the user doesn't have access to delete a project."
@@ -7611,5 +7605,42 @@
   },
   "restrictedCollectionAccess": {
     "message": "You cannot add yourself to collections."
+  },
+  "assign": {
+    "message": "Assign"
+  },
+  "assignToCollections": {
+    "message": "Assign to collections"
+  },
+  "assignToTheseCollections": {
+    "message": "Assign to these collections"
+  },
+  "bulkCollectionAssignmentDialogDescription": {
+    "message": "Select the collections that the items will be shared with. Once an item is updated in one collection, it will be reflected in all collections. Only organization members with access to these collections will be able to see the items."
+  },
+  "selectCollectionsToAssign": {
+    "message": "Select collections to assign"
+  },
+  "noCollectionsAssigned": {
+    "message": "No collections have been assigned"
+  },
+  "successfullyAssignedCollections": {
+    "message": "Successfully assigned collections"
+  },
+  "bulkCollectionAssignmentWarning": {
+    "message": "You have selected $TOTAL_COUNT$ items. You cannot update $READONLY_COUNT$ of the items because you do not have edit permissions.",
+    "placeholders": {
+      "total_count": {
+        "content": "$1",
+        "example": "10"
+      },
+      "readonly_count": {
+        "content": "$2",
+        "example": "3"
+      }
+    }
+  },
+  "items": {
+    "message": "Items"
   }
 }
diff --git a/apps/web/src/locales/hr/messages.json b/apps/web/src/locales/hr/messages.json
index 9f92b18436..4d47c12e86 100644
--- a/apps/web/src/locales/hr/messages.json
+++ b/apps/web/src/locales/hr/messages.json
@@ -7063,12 +7063,6 @@
   "enforceOnLoginDesc": {
     "message": "Require existing members to change their passwords"
   },
-  "usDomain": {
-    "message": "bitwarden.com"
-  },
-  "euDomain": {
-    "message": "bitwarden.eu"
-  },
   "smProjectDeleteAccessRestricted": {
     "message": "You don't have permissions to delete this project",
     "description": "The individual description shown to the user when the user doesn't have access to delete a project."
@@ -7611,5 +7605,42 @@
   },
   "restrictedCollectionAccess": {
     "message": "You cannot add yourself to collections."
+  },
+  "assign": {
+    "message": "Assign"
+  },
+  "assignToCollections": {
+    "message": "Assign to collections"
+  },
+  "assignToTheseCollections": {
+    "message": "Assign to these collections"
+  },
+  "bulkCollectionAssignmentDialogDescription": {
+    "message": "Select the collections that the items will be shared with. Once an item is updated in one collection, it will be reflected in all collections. Only organization members with access to these collections will be able to see the items."
+  },
+  "selectCollectionsToAssign": {
+    "message": "Select collections to assign"
+  },
+  "noCollectionsAssigned": {
+    "message": "No collections have been assigned"
+  },
+  "successfullyAssignedCollections": {
+    "message": "Successfully assigned collections"
+  },
+  "bulkCollectionAssignmentWarning": {
+    "message": "You have selected $TOTAL_COUNT$ items. You cannot update $READONLY_COUNT$ of the items because you do not have edit permissions.",
+    "placeholders": {
+      "total_count": {
+        "content": "$1",
+        "example": "10"
+      },
+      "readonly_count": {
+        "content": "$2",
+        "example": "3"
+      }
+    }
+  },
+  "items": {
+    "message": "Items"
   }
 }
diff --git a/apps/web/src/locales/hu/messages.json b/apps/web/src/locales/hu/messages.json
index 27d7d9128c..e1f3682bbd 100644
--- a/apps/web/src/locales/hu/messages.json
+++ b/apps/web/src/locales/hu/messages.json
@@ -7063,12 +7063,6 @@
   "enforceOnLoginDesc": {
     "message": "A meglévő tagoknak meg kell változtatniuk jelszavaikat."
   },
-  "usDomain": {
-    "message": "bitwarden.com"
-  },
-  "euDomain": {
-    "message": "bitwarden.eu"
-  },
   "smProjectDeleteAccessRestricted": {
     "message": "Nincs jogosulltság ezen projekt törléséhez.",
     "description": "The individual description shown to the user when the user doesn't have access to delete a project."
@@ -7607,9 +7601,46 @@
     "message": "Szolgáltató portál"
   },
   "restrictedGroupAccess": {
-    "message": "You cannot add yourself to groups."
+    "message": "Nem adhadjuk magunkat a csoporthoz."
   },
   "restrictedCollectionAccess": {
-    "message": "You cannot add yourself to collections."
+    "message": "Nem adhadjuk magunkat a gyűjteményhez."
+  },
+  "assign": {
+    "message": "Hozzárendelés"
+  },
+  "assignToCollections": {
+    "message": "Hozzárendelés gyűjteményekhez"
+  },
+  "assignToTheseCollections": {
+    "message": "Hozzárendelés ezen gyűjteményekhez"
+  },
+  "bulkCollectionAssignmentDialogDescription": {
+    "message": "Válasszuk ki azokat a gyűjteményeket, amelyekkel az elemek megosztásra kerülnek. Ha egy elem egy gyűjteményben frissítésre kerül, az az összes gyűjteményben megjelenik. Csak az ezekhez a gyűjteményekhez hozzáféréssel rendelkező szervezeti tagok láthatják az elemeket."
+  },
+  "selectCollectionsToAssign": {
+    "message": "Hozzárendelendő gyűjtemények kiválasztása"
+  },
+  "noCollectionsAssigned": {
+    "message": "Nem lettek gyűjtemények hozzárendelve."
+  },
+  "successfullyAssignedCollections": {
+    "message": "A gyűjtemények sikeresen hozzárendelésre kerültek."
+  },
+  "bulkCollectionAssignmentWarning": {
+    "message": "$TOTAL_COUNT$ elem lett kiválasztva. Az elemek közül $READONLY_COUNT$ nem frissíthető, mert nincs szerkesztési jogosultság.",
+    "placeholders": {
+      "total_count": {
+        "content": "$1",
+        "example": "10"
+      },
+      "readonly_count": {
+        "content": "$2",
+        "example": "3"
+      }
+    }
+  },
+  "items": {
+    "message": "Elemek"
   }
 }
diff --git a/apps/web/src/locales/id/messages.json b/apps/web/src/locales/id/messages.json
index feb8fc4b64..83d6c42673 100644
--- a/apps/web/src/locales/id/messages.json
+++ b/apps/web/src/locales/id/messages.json
@@ -7063,12 +7063,6 @@
   "enforceOnLoginDesc": {
     "message": "Require existing members to change their passwords"
   },
-  "usDomain": {
-    "message": "bitwarden.com"
-  },
-  "euDomain": {
-    "message": "bitwarden.eu"
-  },
   "smProjectDeleteAccessRestricted": {
     "message": "You don't have permissions to delete this project",
     "description": "The individual description shown to the user when the user doesn't have access to delete a project."
@@ -7611,5 +7605,42 @@
   },
   "restrictedCollectionAccess": {
     "message": "You cannot add yourself to collections."
+  },
+  "assign": {
+    "message": "Assign"
+  },
+  "assignToCollections": {
+    "message": "Assign to collections"
+  },
+  "assignToTheseCollections": {
+    "message": "Assign to these collections"
+  },
+  "bulkCollectionAssignmentDialogDescription": {
+    "message": "Select the collections that the items will be shared with. Once an item is updated in one collection, it will be reflected in all collections. Only organization members with access to these collections will be able to see the items."
+  },
+  "selectCollectionsToAssign": {
+    "message": "Select collections to assign"
+  },
+  "noCollectionsAssigned": {
+    "message": "No collections have been assigned"
+  },
+  "successfullyAssignedCollections": {
+    "message": "Successfully assigned collections"
+  },
+  "bulkCollectionAssignmentWarning": {
+    "message": "You have selected $TOTAL_COUNT$ items. You cannot update $READONLY_COUNT$ of the items because you do not have edit permissions.",
+    "placeholders": {
+      "total_count": {
+        "content": "$1",
+        "example": "10"
+      },
+      "readonly_count": {
+        "content": "$2",
+        "example": "3"
+      }
+    }
+  },
+  "items": {
+    "message": "Items"
   }
 }
diff --git a/apps/web/src/locales/it/messages.json b/apps/web/src/locales/it/messages.json
index 23347c35c8..c31ff1a5a2 100644
--- a/apps/web/src/locales/it/messages.json
+++ b/apps/web/src/locales/it/messages.json
@@ -7063,12 +7063,6 @@
   "enforceOnLoginDesc": {
     "message": "Obbliga i membri esistenti a cambiare le loro password"
   },
-  "usDomain": {
-    "message": "bitwarden.com"
-  },
-  "euDomain": {
-    "message": "bitwarden.eu"
-  },
   "smProjectDeleteAccessRestricted": {
     "message": "Non hai l'autorizzazione per eliminare questo progetto",
     "description": "The individual description shown to the user when the user doesn't have access to delete a project."
@@ -7607,9 +7601,46 @@
     "message": "Portale Fornitori"
   },
   "restrictedGroupAccess": {
-    "message": "You cannot add yourself to groups."
+    "message": "Non puoi aggiungerti da solo ai gruppi."
   },
   "restrictedCollectionAccess": {
-    "message": "You cannot add yourself to collections."
+    "message": "Non puoi aggiungerti da solo alle raccolte."
+  },
+  "assign": {
+    "message": "Assegna"
+  },
+  "assignToCollections": {
+    "message": "Assegna alle raccolte"
+  },
+  "assignToTheseCollections": {
+    "message": "Assegna a queste raccolte"
+  },
+  "bulkCollectionAssignmentDialogDescription": {
+    "message": "Seleziona le raccolte con cui questi elementi saranno condivisi. Una volta un elemento è aggiornato in una raccolta, la modifica si rifletterà in tutte le raccolte. Solo i membri dell'organizzazione con accesso a queste raccolte potranno visualizzare gli elementi."
+  },
+  "selectCollectionsToAssign": {
+    "message": "Seleziona le raccolte da assegnare"
+  },
+  "noCollectionsAssigned": {
+    "message": "Nessuna raccolta è stata assegnata"
+  },
+  "successfullyAssignedCollections": {
+    "message": "Raccolte assegnate"
+  },
+  "bulkCollectionAssignmentWarning": {
+    "message": "Hai selezionato $TOTAL_COUNT$ elementi. Non puoi aggiornare $READONLY_COUNT$ elementi perché non hai l'autorizzazione per modificarli.",
+    "placeholders": {
+      "total_count": {
+        "content": "$1",
+        "example": "10"
+      },
+      "readonly_count": {
+        "content": "$2",
+        "example": "3"
+      }
+    }
+  },
+  "items": {
+    "message": "Elementi"
   }
 }
diff --git a/apps/web/src/locales/ja/messages.json b/apps/web/src/locales/ja/messages.json
index 35996a8967..c2e3e77b24 100644
--- a/apps/web/src/locales/ja/messages.json
+++ b/apps/web/src/locales/ja/messages.json
@@ -7063,12 +7063,6 @@
   "enforceOnLoginDesc": {
     "message": "パスワードを変更するには、メンバーが存在しないといけません"
   },
-  "usDomain": {
-    "message": "bitwarden.com"
-  },
-  "euDomain": {
-    "message": "bitwarden.eu"
-  },
   "smProjectDeleteAccessRestricted": {
     "message": "このプロジェクトを削除する権限がありません",
     "description": "The individual description shown to the user when the user doesn't have access to delete a project."
@@ -7611,5 +7605,42 @@
   },
   "restrictedCollectionAccess": {
     "message": "コレクションに自分自身を追加することはできません。"
+  },
+  "assign": {
+    "message": "割り当て"
+  },
+  "assignToCollections": {
+    "message": "コレクションに割り当てる"
+  },
+  "assignToTheseCollections": {
+    "message": "これらのコレクションに割り当てる"
+  },
+  "bulkCollectionAssignmentDialogDescription": {
+    "message": "アイテムを共有するコレクションを選択します。1つのコレクションでアイテムが更新されると、すべてのコレクションに反映されます。これらのコレクションにアクセスできる組織メンバーだけがアイテムを見ることができます。"
+  },
+  "selectCollectionsToAssign": {
+    "message": "割り当てるコレクションを選択"
+  },
+  "noCollectionsAssigned": {
+    "message": "コレクションが割り当てられていません"
+  },
+  "successfullyAssignedCollections": {
+    "message": "コレクションの割り当てに成功しました"
+  },
+  "bulkCollectionAssignmentWarning": {
+    "message": "$TOTAL_COUNT$ アイテムを選択しました。編集権限がないため、$READONLY_COUNT$ アイテムを更新できません。",
+    "placeholders": {
+      "total_count": {
+        "content": "$1",
+        "example": "10"
+      },
+      "readonly_count": {
+        "content": "$2",
+        "example": "3"
+      }
+    }
+  },
+  "items": {
+    "message": "アイテム"
   }
 }
diff --git a/apps/web/src/locales/ka/messages.json b/apps/web/src/locales/ka/messages.json
index ea5c0866d7..e288311956 100644
--- a/apps/web/src/locales/ka/messages.json
+++ b/apps/web/src/locales/ka/messages.json
@@ -7063,12 +7063,6 @@
   "enforceOnLoginDesc": {
     "message": "Require existing members to change their passwords"
   },
-  "usDomain": {
-    "message": "bitwarden.com"
-  },
-  "euDomain": {
-    "message": "bitwarden.eu"
-  },
   "smProjectDeleteAccessRestricted": {
     "message": "You don't have permissions to delete this project",
     "description": "The individual description shown to the user when the user doesn't have access to delete a project."
@@ -7611,5 +7605,42 @@
   },
   "restrictedCollectionAccess": {
     "message": "You cannot add yourself to collections."
+  },
+  "assign": {
+    "message": "Assign"
+  },
+  "assignToCollections": {
+    "message": "Assign to collections"
+  },
+  "assignToTheseCollections": {
+    "message": "Assign to these collections"
+  },
+  "bulkCollectionAssignmentDialogDescription": {
+    "message": "Select the collections that the items will be shared with. Once an item is updated in one collection, it will be reflected in all collections. Only organization members with access to these collections will be able to see the items."
+  },
+  "selectCollectionsToAssign": {
+    "message": "Select collections to assign"
+  },
+  "noCollectionsAssigned": {
+    "message": "No collections have been assigned"
+  },
+  "successfullyAssignedCollections": {
+    "message": "Successfully assigned collections"
+  },
+  "bulkCollectionAssignmentWarning": {
+    "message": "You have selected $TOTAL_COUNT$ items. You cannot update $READONLY_COUNT$ of the items because you do not have edit permissions.",
+    "placeholders": {
+      "total_count": {
+        "content": "$1",
+        "example": "10"
+      },
+      "readonly_count": {
+        "content": "$2",
+        "example": "3"
+      }
+    }
+  },
+  "items": {
+    "message": "Items"
   }
 }
diff --git a/apps/web/src/locales/km/messages.json b/apps/web/src/locales/km/messages.json
index 65bb71e854..ad51cf605f 100644
--- a/apps/web/src/locales/km/messages.json
+++ b/apps/web/src/locales/km/messages.json
@@ -7063,12 +7063,6 @@
   "enforceOnLoginDesc": {
     "message": "Require existing members to change their passwords"
   },
-  "usDomain": {
-    "message": "bitwarden.com"
-  },
-  "euDomain": {
-    "message": "bitwarden.eu"
-  },
   "smProjectDeleteAccessRestricted": {
     "message": "You don't have permissions to delete this project",
     "description": "The individual description shown to the user when the user doesn't have access to delete a project."
@@ -7611,5 +7605,42 @@
   },
   "restrictedCollectionAccess": {
     "message": "You cannot add yourself to collections."
+  },
+  "assign": {
+    "message": "Assign"
+  },
+  "assignToCollections": {
+    "message": "Assign to collections"
+  },
+  "assignToTheseCollections": {
+    "message": "Assign to these collections"
+  },
+  "bulkCollectionAssignmentDialogDescription": {
+    "message": "Select the collections that the items will be shared with. Once an item is updated in one collection, it will be reflected in all collections. Only organization members with access to these collections will be able to see the items."
+  },
+  "selectCollectionsToAssign": {
+    "message": "Select collections to assign"
+  },
+  "noCollectionsAssigned": {
+    "message": "No collections have been assigned"
+  },
+  "successfullyAssignedCollections": {
+    "message": "Successfully assigned collections"
+  },
+  "bulkCollectionAssignmentWarning": {
+    "message": "You have selected $TOTAL_COUNT$ items. You cannot update $READONLY_COUNT$ of the items because you do not have edit permissions.",
+    "placeholders": {
+      "total_count": {
+        "content": "$1",
+        "example": "10"
+      },
+      "readonly_count": {
+        "content": "$2",
+        "example": "3"
+      }
+    }
+  },
+  "items": {
+    "message": "Items"
   }
 }
diff --git a/apps/web/src/locales/kn/messages.json b/apps/web/src/locales/kn/messages.json
index 469b2b79cc..02631198e3 100644
--- a/apps/web/src/locales/kn/messages.json
+++ b/apps/web/src/locales/kn/messages.json
@@ -7063,12 +7063,6 @@
   "enforceOnLoginDesc": {
     "message": "Require existing members to change their passwords"
   },
-  "usDomain": {
-    "message": "bitwarden.com"
-  },
-  "euDomain": {
-    "message": "bitwarden.eu"
-  },
   "smProjectDeleteAccessRestricted": {
     "message": "You don't have permissions to delete this project",
     "description": "The individual description shown to the user when the user doesn't have access to delete a project."
@@ -7611,5 +7605,42 @@
   },
   "restrictedCollectionAccess": {
     "message": "You cannot add yourself to collections."
+  },
+  "assign": {
+    "message": "Assign"
+  },
+  "assignToCollections": {
+    "message": "Assign to collections"
+  },
+  "assignToTheseCollections": {
+    "message": "Assign to these collections"
+  },
+  "bulkCollectionAssignmentDialogDescription": {
+    "message": "Select the collections that the items will be shared with. Once an item is updated in one collection, it will be reflected in all collections. Only organization members with access to these collections will be able to see the items."
+  },
+  "selectCollectionsToAssign": {
+    "message": "Select collections to assign"
+  },
+  "noCollectionsAssigned": {
+    "message": "No collections have been assigned"
+  },
+  "successfullyAssignedCollections": {
+    "message": "Successfully assigned collections"
+  },
+  "bulkCollectionAssignmentWarning": {
+    "message": "You have selected $TOTAL_COUNT$ items. You cannot update $READONLY_COUNT$ of the items because you do not have edit permissions.",
+    "placeholders": {
+      "total_count": {
+        "content": "$1",
+        "example": "10"
+      },
+      "readonly_count": {
+        "content": "$2",
+        "example": "3"
+      }
+    }
+  },
+  "items": {
+    "message": "Items"
   }
 }
diff --git a/apps/web/src/locales/ko/messages.json b/apps/web/src/locales/ko/messages.json
index cb86ac7b43..1867603a0d 100644
--- a/apps/web/src/locales/ko/messages.json
+++ b/apps/web/src/locales/ko/messages.json
@@ -7063,12 +7063,6 @@
   "enforceOnLoginDesc": {
     "message": "Require existing members to change their passwords"
   },
-  "usDomain": {
-    "message": "bitwarden.com"
-  },
-  "euDomain": {
-    "message": "bitwarden.eu"
-  },
   "smProjectDeleteAccessRestricted": {
     "message": "You don't have permissions to delete this project",
     "description": "The individual description shown to the user when the user doesn't have access to delete a project."
@@ -7611,5 +7605,42 @@
   },
   "restrictedCollectionAccess": {
     "message": "You cannot add yourself to collections."
+  },
+  "assign": {
+    "message": "Assign"
+  },
+  "assignToCollections": {
+    "message": "Assign to collections"
+  },
+  "assignToTheseCollections": {
+    "message": "Assign to these collections"
+  },
+  "bulkCollectionAssignmentDialogDescription": {
+    "message": "Select the collections that the items will be shared with. Once an item is updated in one collection, it will be reflected in all collections. Only organization members with access to these collections will be able to see the items."
+  },
+  "selectCollectionsToAssign": {
+    "message": "Select collections to assign"
+  },
+  "noCollectionsAssigned": {
+    "message": "No collections have been assigned"
+  },
+  "successfullyAssignedCollections": {
+    "message": "Successfully assigned collections"
+  },
+  "bulkCollectionAssignmentWarning": {
+    "message": "You have selected $TOTAL_COUNT$ items. You cannot update $READONLY_COUNT$ of the items because you do not have edit permissions.",
+    "placeholders": {
+      "total_count": {
+        "content": "$1",
+        "example": "10"
+      },
+      "readonly_count": {
+        "content": "$2",
+        "example": "3"
+      }
+    }
+  },
+  "items": {
+    "message": "Items"
   }
 }
diff --git a/apps/web/src/locales/lv/messages.json b/apps/web/src/locales/lv/messages.json
index a8e46f67d4..8c2df3012a 100644
--- a/apps/web/src/locales/lv/messages.json
+++ b/apps/web/src/locales/lv/messages.json
@@ -7063,12 +7063,6 @@
   "enforceOnLoginDesc": {
     "message": "Pieprasīt esošajiem dalībniekiem nomainīt to paroles"
   },
-  "usDomain": {
-    "message": "bitwarden.com"
-  },
-  "euDomain": {
-    "message": "bitwarden.eu"
-  },
   "smProjectDeleteAccessRestricted": {
     "message": "Nav nepieciešamo atļauju, lai izdzēstu šo projektu",
     "description": "The individual description shown to the user when the user doesn't have access to delete a project."
@@ -7607,9 +7601,46 @@
     "message": "Nodrošinātāju portāls"
   },
   "restrictedGroupAccess": {
-    "message": "You cannot add yourself to groups."
+    "message": "Tu nevari sevi pievienot kopām."
   },
   "restrictedCollectionAccess": {
-    "message": "You cannot add yourself to collections."
+    "message": "Tu nevari sevi pievienot krājumiem."
+  },
+  "assign": {
+    "message": "Piešķirt"
+  },
+  "assignToCollections": {
+    "message": "Piešķirt krājumiem"
+  },
+  "assignToTheseCollections": {
+    "message": "Piešķirt šiem krājumiem"
+  },
+  "bulkCollectionAssignmentDialogDescription": {
+    "message": "Jāatlasa krājumi, ar kuriem vienumi tiks kopīgoti. Tiklīdz kāds vienums tiks atjaunināts vienā krājumā, tas atspoguļosies visos pārējos. Tikai apvienības dalībnieki ar piekļuvi šiem krājumiem varēs redzēt vienumus."
+  },
+  "selectCollectionsToAssign": {
+    "message": "Atlasīt krājumus, lai piešķirtu"
+  },
+  "noCollectionsAssigned": {
+    "message": "Neviens krājums nav piešķirts"
+  },
+  "successfullyAssignedCollections": {
+    "message": "Krājumi veiksmīgi piešķirti"
+  },
+  "bulkCollectionAssignmentWarning": {
+    "message": "Ir atlasīti $TOTAL_COUNT$ vienumi. Nevar atjaunināt $READONLY_COUNT$ no vienumiem, jo trūkst labošanas atļaujas.",
+    "placeholders": {
+      "total_count": {
+        "content": "$1",
+        "example": "10"
+      },
+      "readonly_count": {
+        "content": "$2",
+        "example": "3"
+      }
+    }
+  },
+  "items": {
+    "message": "Vienumi"
   }
 }
diff --git a/apps/web/src/locales/ml/messages.json b/apps/web/src/locales/ml/messages.json
index c58edfeb5a..81b6529793 100644
--- a/apps/web/src/locales/ml/messages.json
+++ b/apps/web/src/locales/ml/messages.json
@@ -7063,12 +7063,6 @@
   "enforceOnLoginDesc": {
     "message": "Require existing members to change their passwords"
   },
-  "usDomain": {
-    "message": "bitwarden.com"
-  },
-  "euDomain": {
-    "message": "bitwarden.eu"
-  },
   "smProjectDeleteAccessRestricted": {
     "message": "You don't have permissions to delete this project",
     "description": "The individual description shown to the user when the user doesn't have access to delete a project."
@@ -7611,5 +7605,42 @@
   },
   "restrictedCollectionAccess": {
     "message": "You cannot add yourself to collections."
+  },
+  "assign": {
+    "message": "Assign"
+  },
+  "assignToCollections": {
+    "message": "Assign to collections"
+  },
+  "assignToTheseCollections": {
+    "message": "Assign to these collections"
+  },
+  "bulkCollectionAssignmentDialogDescription": {
+    "message": "Select the collections that the items will be shared with. Once an item is updated in one collection, it will be reflected in all collections. Only organization members with access to these collections will be able to see the items."
+  },
+  "selectCollectionsToAssign": {
+    "message": "Select collections to assign"
+  },
+  "noCollectionsAssigned": {
+    "message": "No collections have been assigned"
+  },
+  "successfullyAssignedCollections": {
+    "message": "Successfully assigned collections"
+  },
+  "bulkCollectionAssignmentWarning": {
+    "message": "You have selected $TOTAL_COUNT$ items. You cannot update $READONLY_COUNT$ of the items because you do not have edit permissions.",
+    "placeholders": {
+      "total_count": {
+        "content": "$1",
+        "example": "10"
+      },
+      "readonly_count": {
+        "content": "$2",
+        "example": "3"
+      }
+    }
+  },
+  "items": {
+    "message": "Items"
   }
 }
diff --git a/apps/web/src/locales/mr/messages.json b/apps/web/src/locales/mr/messages.json
index 65bb71e854..ad51cf605f 100644
--- a/apps/web/src/locales/mr/messages.json
+++ b/apps/web/src/locales/mr/messages.json
@@ -7063,12 +7063,6 @@
   "enforceOnLoginDesc": {
     "message": "Require existing members to change their passwords"
   },
-  "usDomain": {
-    "message": "bitwarden.com"
-  },
-  "euDomain": {
-    "message": "bitwarden.eu"
-  },
   "smProjectDeleteAccessRestricted": {
     "message": "You don't have permissions to delete this project",
     "description": "The individual description shown to the user when the user doesn't have access to delete a project."
@@ -7611,5 +7605,42 @@
   },
   "restrictedCollectionAccess": {
     "message": "You cannot add yourself to collections."
+  },
+  "assign": {
+    "message": "Assign"
+  },
+  "assignToCollections": {
+    "message": "Assign to collections"
+  },
+  "assignToTheseCollections": {
+    "message": "Assign to these collections"
+  },
+  "bulkCollectionAssignmentDialogDescription": {
+    "message": "Select the collections that the items will be shared with. Once an item is updated in one collection, it will be reflected in all collections. Only organization members with access to these collections will be able to see the items."
+  },
+  "selectCollectionsToAssign": {
+    "message": "Select collections to assign"
+  },
+  "noCollectionsAssigned": {
+    "message": "No collections have been assigned"
+  },
+  "successfullyAssignedCollections": {
+    "message": "Successfully assigned collections"
+  },
+  "bulkCollectionAssignmentWarning": {
+    "message": "You have selected $TOTAL_COUNT$ items. You cannot update $READONLY_COUNT$ of the items because you do not have edit permissions.",
+    "placeholders": {
+      "total_count": {
+        "content": "$1",
+        "example": "10"
+      },
+      "readonly_count": {
+        "content": "$2",
+        "example": "3"
+      }
+    }
+  },
+  "items": {
+    "message": "Items"
   }
 }
diff --git a/apps/web/src/locales/my/messages.json b/apps/web/src/locales/my/messages.json
index 65bb71e854..ad51cf605f 100644
--- a/apps/web/src/locales/my/messages.json
+++ b/apps/web/src/locales/my/messages.json
@@ -7063,12 +7063,6 @@
   "enforceOnLoginDesc": {
     "message": "Require existing members to change their passwords"
   },
-  "usDomain": {
-    "message": "bitwarden.com"
-  },
-  "euDomain": {
-    "message": "bitwarden.eu"
-  },
   "smProjectDeleteAccessRestricted": {
     "message": "You don't have permissions to delete this project",
     "description": "The individual description shown to the user when the user doesn't have access to delete a project."
@@ -7611,5 +7605,42 @@
   },
   "restrictedCollectionAccess": {
     "message": "You cannot add yourself to collections."
+  },
+  "assign": {
+    "message": "Assign"
+  },
+  "assignToCollections": {
+    "message": "Assign to collections"
+  },
+  "assignToTheseCollections": {
+    "message": "Assign to these collections"
+  },
+  "bulkCollectionAssignmentDialogDescription": {
+    "message": "Select the collections that the items will be shared with. Once an item is updated in one collection, it will be reflected in all collections. Only organization members with access to these collections will be able to see the items."
+  },
+  "selectCollectionsToAssign": {
+    "message": "Select collections to assign"
+  },
+  "noCollectionsAssigned": {
+    "message": "No collections have been assigned"
+  },
+  "successfullyAssignedCollections": {
+    "message": "Successfully assigned collections"
+  },
+  "bulkCollectionAssignmentWarning": {
+    "message": "You have selected $TOTAL_COUNT$ items. You cannot update $READONLY_COUNT$ of the items because you do not have edit permissions.",
+    "placeholders": {
+      "total_count": {
+        "content": "$1",
+        "example": "10"
+      },
+      "readonly_count": {
+        "content": "$2",
+        "example": "3"
+      }
+    }
+  },
+  "items": {
+    "message": "Items"
   }
 }
diff --git a/apps/web/src/locales/nb/messages.json b/apps/web/src/locales/nb/messages.json
index cd7aa8ddfd..8840ef7c85 100644
--- a/apps/web/src/locales/nb/messages.json
+++ b/apps/web/src/locales/nb/messages.json
@@ -7063,12 +7063,6 @@
   "enforceOnLoginDesc": {
     "message": "Require existing members to change their passwords"
   },
-  "usDomain": {
-    "message": "bitwarden.com"
-  },
-  "euDomain": {
-    "message": "bitwarden.eu"
-  },
   "smProjectDeleteAccessRestricted": {
     "message": "You don't have permissions to delete this project",
     "description": "The individual description shown to the user when the user doesn't have access to delete a project."
@@ -7611,5 +7605,42 @@
   },
   "restrictedCollectionAccess": {
     "message": "You cannot add yourself to collections."
+  },
+  "assign": {
+    "message": "Assign"
+  },
+  "assignToCollections": {
+    "message": "Assign to collections"
+  },
+  "assignToTheseCollections": {
+    "message": "Assign to these collections"
+  },
+  "bulkCollectionAssignmentDialogDescription": {
+    "message": "Select the collections that the items will be shared with. Once an item is updated in one collection, it will be reflected in all collections. Only organization members with access to these collections will be able to see the items."
+  },
+  "selectCollectionsToAssign": {
+    "message": "Select collections to assign"
+  },
+  "noCollectionsAssigned": {
+    "message": "No collections have been assigned"
+  },
+  "successfullyAssignedCollections": {
+    "message": "Successfully assigned collections"
+  },
+  "bulkCollectionAssignmentWarning": {
+    "message": "You have selected $TOTAL_COUNT$ items. You cannot update $READONLY_COUNT$ of the items because you do not have edit permissions.",
+    "placeholders": {
+      "total_count": {
+        "content": "$1",
+        "example": "10"
+      },
+      "readonly_count": {
+        "content": "$2",
+        "example": "3"
+      }
+    }
+  },
+  "items": {
+    "message": "Items"
   }
 }
diff --git a/apps/web/src/locales/ne/messages.json b/apps/web/src/locales/ne/messages.json
index 9d0785812c..a42b9d71af 100644
--- a/apps/web/src/locales/ne/messages.json
+++ b/apps/web/src/locales/ne/messages.json
@@ -7063,12 +7063,6 @@
   "enforceOnLoginDesc": {
     "message": "Require existing members to change their passwords"
   },
-  "usDomain": {
-    "message": "bitwarden.com"
-  },
-  "euDomain": {
-    "message": "bitwarden.eu"
-  },
   "smProjectDeleteAccessRestricted": {
     "message": "You don't have permissions to delete this project",
     "description": "The individual description shown to the user when the user doesn't have access to delete a project."
@@ -7611,5 +7605,42 @@
   },
   "restrictedCollectionAccess": {
     "message": "You cannot add yourself to collections."
+  },
+  "assign": {
+    "message": "Assign"
+  },
+  "assignToCollections": {
+    "message": "Assign to collections"
+  },
+  "assignToTheseCollections": {
+    "message": "Assign to these collections"
+  },
+  "bulkCollectionAssignmentDialogDescription": {
+    "message": "Select the collections that the items will be shared with. Once an item is updated in one collection, it will be reflected in all collections. Only organization members with access to these collections will be able to see the items."
+  },
+  "selectCollectionsToAssign": {
+    "message": "Select collections to assign"
+  },
+  "noCollectionsAssigned": {
+    "message": "No collections have been assigned"
+  },
+  "successfullyAssignedCollections": {
+    "message": "Successfully assigned collections"
+  },
+  "bulkCollectionAssignmentWarning": {
+    "message": "You have selected $TOTAL_COUNT$ items. You cannot update $READONLY_COUNT$ of the items because you do not have edit permissions.",
+    "placeholders": {
+      "total_count": {
+        "content": "$1",
+        "example": "10"
+      },
+      "readonly_count": {
+        "content": "$2",
+        "example": "3"
+      }
+    }
+  },
+  "items": {
+    "message": "Items"
   }
 }
diff --git a/apps/web/src/locales/nl/messages.json b/apps/web/src/locales/nl/messages.json
index 1d6155540c..ecdde73f68 100644
--- a/apps/web/src/locales/nl/messages.json
+++ b/apps/web/src/locales/nl/messages.json
@@ -579,7 +579,7 @@
     "message": "Toegang"
   },
   "accessLevel": {
-    "message": "Access level"
+    "message": "Toegangsniveau"
   },
   "loggedOut": {
     "message": "Uitgelogd"
@@ -660,13 +660,13 @@
     "message": "Geef je passkey een naam om deze later te herkennen."
   },
   "useForVaultEncryption": {
-    "message": "Use for vault encryption"
+    "message": "Gebruik voor kluis versleuteling"
   },
   "useForVaultEncryptionInfo": {
-    "message": "Log in and unlock on supported devices without your master password. Follow the prompts from your browser to finalize setup."
+    "message": "Meld aan en ontgrendel op ondersteunde apparaten zonder uw hoofdwachtwoord. Volg de aanwijzingen in uw browser om dit te activeren."
   },
   "useForVaultEncryptionErrorReadingPasskey": {
-    "message": "Error reading passkey. Try again or uncheck this option."
+    "message": "Fout bij lezen van passkey. Probeer het opnieuw of selecteer een andere optie."
   },
   "encryptionNotSupported": {
     "message": "Encryptie niet ondersteund"
@@ -2036,7 +2036,7 @@
     "message": "1 GB versleutelde opslag voor bijlagen."
   },
   "premiumSignUpTwoStepOptions": {
-    "message": "Proprietary two-step login options such as YubiKey and Duo."
+    "message": "Gepatenteerde 2 stap login opties zoals YubiKey en Duo."
   },
   "premiumSignUpEmergency": {
     "message": "Noodtoegang"
@@ -3621,7 +3621,7 @@
     "message": "Encryptiesleutel bijwerken"
   },
   "updateEncryptionSchemeDesc": {
-    "message": "We've changed the encryption scheme to provide better security. Update your encryption key now by entering your master password below."
+    "message": "Wij hebben de versleutelings- methode aangepast om betere beveiliging te kunnen leveren. Voer uw hoofdwachtwoord in om dit door te voeren."
   },
   "updateEncryptionKeyWarning": {
     "message": "Na het bijwerken van je encryptiesleutel moet je je afmelden en weer aanmelden bij alle Bitwarden-applicaties die je gebruikt (zoals de mobiele app of browserextensies). Als je niet opnieuw inlogt (wat je nieuwe encryptiesleutel downloadt), kan dit gegevensbeschadiging tot gevolg hebben. We proberen je automatisch uit te loggen, maar het kan zijn dat dit met enige vertraging gebeurt."
@@ -3781,7 +3781,7 @@
     "message": "Dit item heeft oude bestandsbijlagen die aangepast moeten worden."
   },
   "attachmentFixDescription": {
-    "message": "This attachment uses outdated encryption. Select 'Fix' to download, re-encrypt, and re-upload the attachment."
+    "message": "Deze bijlage maakt gebruik van verouderde versleuteling. Selecteer \"oplossen\" om het bestand te downloaden, opnieuw te versleutelen en vervolgens opnieuw te uploaden."
   },
   "fix": {
     "message": "Oplossen",
@@ -4044,10 +4044,10 @@
     "message": "Je kunt dit tabblad nu sluiten en doorgaan in de extensie."
   },
   "youSuccessfullyLoggedIn": {
-    "message": "You successfully logged in"
+    "message": "U bent succesvol ingelogd"
   },
   "thisWindowWillCloseIn5Seconds": {
-    "message": "This window will automatically close in 5 seconds"
+    "message": "Dit scherm sluit automatisch over 5 seconden"
   },
   "includeAllTeamsFeatures": {
     "message": "Alle functionaliteit van Teams plus:"
@@ -4776,13 +4776,13 @@
     "message": "Accountherstel-administratie"
   },
   "accountRecoveryPolicyDesc": {
-    "message": "Based on the encryption method, recover accounts when master passwords or trusted devices are forgotten or lost."
+    "message": "Gebaseerd op de huidige versleutelings- methode, herstel accounts wanneer hoofdwachtwoorden of vertrouwde apparaten vergeten of vermist zijn."
   },
   "accountRecoveryPolicyWarning": {
-    "message": "Existing accounts with master passwords will require members to self-enroll before administrators can recover their accounts. Automatic enrollment will turn on account recovery for new members."
+    "message": "Bestaande accounts met hoofdwachtwoorden vereisen gebruikers om zelf in te schrijven voordat administratoren hun accounts kunnen herstellen. Automatische inschrijving zal automatisch account herstel inschakelen voor nieuwe gebruikers."
   },
   "accountRecoverySingleOrgRequirementDesc": {
-    "message": "The single organization Enterprise policy must be turned on before activating this policy."
+    "message": "Het enkele organisatie beleid moet aangezet zijn voordat dit beleid geactiveerd kan worden."
   },
   "resetPasswordPolicyAutoEnroll": {
     "message": "Automatische inschrijving"
@@ -5114,7 +5114,7 @@
     "message": "Automatisch invullen activeren"
   },
   "activateAutofillPolicyDesc": {
-    "message": "Activate the auto-fill on page load setting on the browser extension for all existing and new members."
+    "message": "Activeer de automatisch invullen wanneer de pagina geladen is instelling in de browser extensie voor bestaande en nieuwe gebruikers."
   },
   "experimentalFeature": {
     "message": "Gehackte of onbetrouwbare websites kunnen automatisch invullen bij laden van pagina misbruiken."
@@ -5412,7 +5412,7 @@
     "description": "This will be used as part of a larger sentence, broken up to include links. The full sentence will read 'Use the require single-sign-on authentication policy to require all members to log in with SSO.'"
   },
   "ssoPolicyHelpAnchor": {
-    "message": "require single sign-on authentication policy",
+    "message": "vereis single sign-on authenticatie beleid",
     "description": "This will be used as part of a larger sentence, broken up to include links. The full sentence will read 'Use the require single-sign-on authentication policy to require all members to log in with SSO.'"
   },
   "ssoPolicyHelpEnd": {
@@ -5429,15 +5429,15 @@
     "message": "Key Connector"
   },
   "memberDecryptionKeyConnectorDescStart": {
-    "message": "Connect login with SSO to your self-hosted decryption key server. Using this option, members won’t need to use their master passwords to decrypt vault data. The",
+    "message": "Verbind inloggen met SSO naar je zelf beheerde Decoderingsserver. Door deze optie te gebruiken hoeven gebruikers niet hun hoofdwachtwoord te gebruiken om kluis data te decoderen. Het",
     "description": "This will be used as part of a larger sentence, broken up to include links. The full sentence will read 'Connect login with SSO to your self-hosted decryption key server. Using this option, members won’t need to use their master passwords to decrypt vault data. The require SSO authentication and single organization policies are required to set up Key Connector decryption. Contact Bitwarden Support for set up assistance.'"
   },
   "memberDecryptionKeyConnectorDescLink": {
-    "message": "require SSO authentication and single organization policies",
+    "message": "vereis het SSO authenticatie beleid en het enkele organisatie beleid",
     "description": "This will be used as part of a larger sentence, broken up to include links. The full sentence will read 'Connect login with SSO to your self-hosted decryption key server. Using this option, members won’t need to use their master passwords to decrypt vault data. The require SSO authentication and single organization policies are required to set up Key Connector decryption. Contact Bitwarden Support for set up assistance.'"
   },
   "memberDecryptionKeyConnectorDescEnd": {
-    "message": "are required to set up Key Connector decryption. Contact Bitwarden Support for set up assistance.",
+    "message": "is vereist om Key Connector decryptie in te stellen. Contacteer Bitwarden support voor assistentie.",
     "description": "This will be used as part of a larger sentence, broken up to include links. The full sentence will read 'Connect login with SSO to your self-hosted decryption key server. Using this option, members won’t need to use their master passwords to decrypt vault data. The require SSO authentication and single organization policies are required to set up Key Connector decryption. Contact Bitwarden Support for set up assistance.'"
   },
   "keyConnectorPolicyRestriction": {
@@ -6197,7 +6197,7 @@
     }
   },
   "deleteServiceAccountToast": {
-    "message": "Service account deleted"
+    "message": "Service account verwijderd"
   },
   "deleteServiceAccountsToast": {
     "message": "Serviceaccounts verwijderd"
@@ -6734,7 +6734,7 @@
     }
   },
   "teamsStarterPlanInvLimitReachedManageBilling": {
-    "message": "Teams Starter plans may have up to $SEATCOUNT$ members. Upgrade to your plan to invite more members.",
+    "message": "Gratis organisaties beschikken maximaal over $SEATCOUNT$ leden. Upgrade je abonnement om meer leden uit te kunnen nodigen.",
     "placeholders": {
       "seatcount": {
         "content": "$1",
@@ -6881,7 +6881,7 @@
     "message": "Werk je versleutelingsinstellingen bij om aan de nieuwe beveiligingsaanbevelingen te voldoen en de bescherming van je account te verbeteren."
   },
   "changeKdfLoggedOutWarning": {
-    "message": "Proceeding will log you out of all active sessions. You will need to log back in and complete two-step login setup. We recommend exporting your vault before changing your encryption settings to prevent data loss."
+    "message": "Als u doorgaat zullen al uw actieve sessies word uitgelogd. U zult zich opnieuw aan moeten melden en 2 stappen verificatie moeten instellen. Wij raden u aan om uw gegevens eerst te exporteren voordat u uw encryptie instellingen aanpast om data verlies te voorkomen."
   },
   "secretsManager": {
     "message": "Secrets Manager"
@@ -7020,10 +7020,10 @@
     "message": "Gelekt hoofdwachtwoord"
   },
   "exposedMasterPasswordDesc": {
-    "message": "Password found in a data breach. Use a unique password to protect your account. Are you sure you want to use an exposed password?"
+    "message": "Dit wachtwoord is gevonden in een datalek. Gebruik een uniek wachtwoord om je account te beveiligen. Weet je zeker dat je een gelekt wachtwoord wil gebruiken?"
   },
   "weakAndExposedMasterPassword": {
-    "message": "Weak and Exposed Master Password"
+    "message": "Zwak en gelekt hoofdwachtwoord"
   },
   "weakAndBreachedMasterPasswordDesc": {
     "message": "Zwak wachtwoord geïdentificeerd en gevonden in een datalek. Gebruik een sterk en uniek wachtwoord om je account te beschermen. Weet je zeker dat je dit wachtwoord wilt gebruiken?"
@@ -7063,12 +7063,6 @@
   "enforceOnLoginDesc": {
     "message": "Verplicht bestaande leden hun wachtwoord te wijzigen"
   },
-  "usDomain": {
-    "message": "bitwarden.com"
-  },
-  "euDomain": {
-    "message": "bitwarden.eu"
-  },
   "smProjectDeleteAccessRestricted": {
     "message": "Je hebt geen rechten om dit project te verwijderen",
     "description": "The individual description shown to the user when the user doesn't have access to delete a project."
@@ -7277,7 +7271,7 @@
     "message": "Volgende"
   },
   "ssoLoginIsRequired": {
-    "message": "SSO login is required"
+    "message": "SSO login is vereist"
   },
   "selectedRegionFlag": {
     "message": "Geselecteerde regionale vlag"
@@ -7429,7 +7423,7 @@
     "message": "Service account limiet (optioneel)"
   },
   "maxServiceAccountCost": {
-    "message": "Max potential service account cost"
+    "message": "Maximale potentiële service account kosten"
   },
   "loggedInExclamation": {
     "message": "Ingelogd!"
@@ -7450,7 +7444,7 @@
     "message": "Aliasdomein"
   },
   "alreadyHaveAccount": {
-    "message": "Already have an account?"
+    "message": "Heb je al een account?"
   },
   "skipToContent": {
     "message": "Ga naar de inhoud"
@@ -7477,7 +7471,7 @@
     }
   },
   "seeDetailedInstructions": {
-    "message": "See detailed instructions on our help site at",
+    "message": "Zie gedetailleerde instructies op onze hulp pagina hier",
     "description": "This is followed a by a hyperlink to the help website."
   },
   "installBrowserExtension": {
@@ -7493,13 +7487,13 @@
     "message": "Er is een onverwachte fout opgetreden tijdens het laden van deze Send. Probeer het later opnieuw."
   },
   "seatLimitReached": {
-    "message": "Seat limit has been reached"
+    "message": "Gebruikers limiet is bereikt"
   },
   "contactYourProvider": {
-    "message": "Contact your provider to purchase additional seats."
+    "message": "Contacteer uw provider om aanvullende licenties aan te schaffen."
   },
   "seatLimitReachedContactYourProvider": {
-    "message": "Seat limit has been reached. Contact your provider to purchase additional seats."
+    "message": "De limiet voor het aantal gebruikers is bereikt. Contacteer je provider om aanvullende licenties aan te schaffen."
   },
   "collectionAccessRestricted": {
     "message": "Collectietoegang is beperkt"
@@ -7517,7 +7511,7 @@
     "message": "Toegang tot serviceaccount bijgewerkt"
   },
   "commonImportFormats": {
-    "message": "Common formats",
+    "message": "Gangbare formaten",
     "description": "Label indicating the most common import formats"
   },
   "maintainYourSubscription": {
@@ -7607,9 +7601,46 @@
     "message": "Providerportaal"
   },
   "restrictedGroupAccess": {
-    "message": "You cannot add yourself to groups."
+    "message": "Het is niet mogelijk om jezelf toe te voegen aan groepen."
   },
   "restrictedCollectionAccess": {
-    "message": "You cannot add yourself to collections."
+    "message": "Het is niet mogelijk om jezelf toe te voegen aan collecties."
+  },
+  "assign": {
+    "message": "Toewijzen"
+  },
+  "assignToCollections": {
+    "message": "Toewijzen aan collecties"
+  },
+  "assignToTheseCollections": {
+    "message": "Aan deze collecties toewijzen"
+  },
+  "bulkCollectionAssignmentDialogDescription": {
+    "message": "Selecteer de collecies om de items mee te delen. Zodra een item in een collectie is bijgewerkt, werkt dat door in alle collecties. Alleen organisatieleden met toegang tot deze collecties kunnen de items zien."
+  },
+  "selectCollectionsToAssign": {
+    "message": "Collecties voor toewijzen selecteren"
+  },
+  "noCollectionsAssigned": {
+    "message": "Er zijn geen collecties toegewezen"
+  },
+  "successfullyAssignedCollections": {
+    "message": "Succesvol toegewezen collecties"
+  },
+  "bulkCollectionAssignmentWarning": {
+    "message": "Je hebt $TOTAL_COUNT$ items geselecteerd. Je kunt $READONLY_COUNT$ items niet bijwerken omdat je geen bewerkrechten hebt.",
+    "placeholders": {
+      "total_count": {
+        "content": "$1",
+        "example": "10"
+      },
+      "readonly_count": {
+        "content": "$2",
+        "example": "3"
+      }
+    }
+  },
+  "items": {
+    "message": "Items"
   }
 }
diff --git a/apps/web/src/locales/nn/messages.json b/apps/web/src/locales/nn/messages.json
index 01293c1427..7ac2fff5ce 100644
--- a/apps/web/src/locales/nn/messages.json
+++ b/apps/web/src/locales/nn/messages.json
@@ -7063,12 +7063,6 @@
   "enforceOnLoginDesc": {
     "message": "Require existing members to change their passwords"
   },
-  "usDomain": {
-    "message": "bitwarden.com"
-  },
-  "euDomain": {
-    "message": "bitwarden.eu"
-  },
   "smProjectDeleteAccessRestricted": {
     "message": "You don't have permissions to delete this project",
     "description": "The individual description shown to the user when the user doesn't have access to delete a project."
@@ -7611,5 +7605,42 @@
   },
   "restrictedCollectionAccess": {
     "message": "You cannot add yourself to collections."
+  },
+  "assign": {
+    "message": "Assign"
+  },
+  "assignToCollections": {
+    "message": "Assign to collections"
+  },
+  "assignToTheseCollections": {
+    "message": "Assign to these collections"
+  },
+  "bulkCollectionAssignmentDialogDescription": {
+    "message": "Select the collections that the items will be shared with. Once an item is updated in one collection, it will be reflected in all collections. Only organization members with access to these collections will be able to see the items."
+  },
+  "selectCollectionsToAssign": {
+    "message": "Select collections to assign"
+  },
+  "noCollectionsAssigned": {
+    "message": "No collections have been assigned"
+  },
+  "successfullyAssignedCollections": {
+    "message": "Successfully assigned collections"
+  },
+  "bulkCollectionAssignmentWarning": {
+    "message": "You have selected $TOTAL_COUNT$ items. You cannot update $READONLY_COUNT$ of the items because you do not have edit permissions.",
+    "placeholders": {
+      "total_count": {
+        "content": "$1",
+        "example": "10"
+      },
+      "readonly_count": {
+        "content": "$2",
+        "example": "3"
+      }
+    }
+  },
+  "items": {
+    "message": "Items"
   }
 }
diff --git a/apps/web/src/locales/or/messages.json b/apps/web/src/locales/or/messages.json
index 65bb71e854..ad51cf605f 100644
--- a/apps/web/src/locales/or/messages.json
+++ b/apps/web/src/locales/or/messages.json
@@ -7063,12 +7063,6 @@
   "enforceOnLoginDesc": {
     "message": "Require existing members to change their passwords"
   },
-  "usDomain": {
-    "message": "bitwarden.com"
-  },
-  "euDomain": {
-    "message": "bitwarden.eu"
-  },
   "smProjectDeleteAccessRestricted": {
     "message": "You don't have permissions to delete this project",
     "description": "The individual description shown to the user when the user doesn't have access to delete a project."
@@ -7611,5 +7605,42 @@
   },
   "restrictedCollectionAccess": {
     "message": "You cannot add yourself to collections."
+  },
+  "assign": {
+    "message": "Assign"
+  },
+  "assignToCollections": {
+    "message": "Assign to collections"
+  },
+  "assignToTheseCollections": {
+    "message": "Assign to these collections"
+  },
+  "bulkCollectionAssignmentDialogDescription": {
+    "message": "Select the collections that the items will be shared with. Once an item is updated in one collection, it will be reflected in all collections. Only organization members with access to these collections will be able to see the items."
+  },
+  "selectCollectionsToAssign": {
+    "message": "Select collections to assign"
+  },
+  "noCollectionsAssigned": {
+    "message": "No collections have been assigned"
+  },
+  "successfullyAssignedCollections": {
+    "message": "Successfully assigned collections"
+  },
+  "bulkCollectionAssignmentWarning": {
+    "message": "You have selected $TOTAL_COUNT$ items. You cannot update $READONLY_COUNT$ of the items because you do not have edit permissions.",
+    "placeholders": {
+      "total_count": {
+        "content": "$1",
+        "example": "10"
+      },
+      "readonly_count": {
+        "content": "$2",
+        "example": "3"
+      }
+    }
+  },
+  "items": {
+    "message": "Items"
   }
 }
diff --git a/apps/web/src/locales/pl/messages.json b/apps/web/src/locales/pl/messages.json
index f52830ec9c..08d6748023 100644
--- a/apps/web/src/locales/pl/messages.json
+++ b/apps/web/src/locales/pl/messages.json
@@ -7063,12 +7063,6 @@
   "enforceOnLoginDesc": {
     "message": "Wymagaj od istniejących członków zmiany haseł"
   },
-  "usDomain": {
-    "message": "bitwarden.com"
-  },
-  "euDomain": {
-    "message": "bitwarden.eu"
-  },
   "smProjectDeleteAccessRestricted": {
     "message": "Nie masz uprawnień do usunięcia tego projektu",
     "description": "The individual description shown to the user when the user doesn't have access to delete a project."
@@ -7611,5 +7605,42 @@
   },
   "restrictedCollectionAccess": {
     "message": "You cannot add yourself to collections."
+  },
+  "assign": {
+    "message": "Przypisz"
+  },
+  "assignToCollections": {
+    "message": "Przypisz do kolekcji"
+  },
+  "assignToTheseCollections": {
+    "message": "Przypisz do tych kolekcji"
+  },
+  "bulkCollectionAssignmentDialogDescription": {
+    "message": "Wybierz kolekcje, z którymi elementy będą udostępniane. Gdy element zostanie zaktualizowany w jednej kolekcji, zostanie to odzwierciedlone we wszystkich kolekcjach. Tylko członkowie organizacji z dostępem do tych kolekcji będą mogli zobaczyć te elementy."
+  },
+  "selectCollectionsToAssign": {
+    "message": "Wybierz kolekcje do przypisania"
+  },
+  "noCollectionsAssigned": {
+    "message": "Nie przypisano kolekcji"
+  },
+  "successfullyAssignedCollections": {
+    "message": "Pomyślnie przypisano kolekcje"
+  },
+  "bulkCollectionAssignmentWarning": {
+    "message": "Wybrałeś $TOTAL_COUNT$ elementów. Nie możesz zaktualizować $READONLY_COUNT$ elementów, ponieważ nie masz uprawnień do edycji.",
+    "placeholders": {
+      "total_count": {
+        "content": "$1",
+        "example": "10"
+      },
+      "readonly_count": {
+        "content": "$2",
+        "example": "3"
+      }
+    }
+  },
+  "items": {
+    "message": "Elementy"
   }
 }
diff --git a/apps/web/src/locales/pt_BR/messages.json b/apps/web/src/locales/pt_BR/messages.json
index abbce405aa..5ff05ed37e 100644
--- a/apps/web/src/locales/pt_BR/messages.json
+++ b/apps/web/src/locales/pt_BR/messages.json
@@ -7063,12 +7063,6 @@
   "enforceOnLoginDesc": {
     "message": "Require existing members to change their passwords"
   },
-  "usDomain": {
-    "message": "bitwarden.com"
-  },
-  "euDomain": {
-    "message": "bitwarden.eu"
-  },
   "smProjectDeleteAccessRestricted": {
     "message": "Você não tem permissão para excluir este projeto",
     "description": "The individual description shown to the user when the user doesn't have access to delete a project."
@@ -7607,9 +7601,46 @@
     "message": "Provider Portal"
   },
   "restrictedGroupAccess": {
-    "message": "You cannot add yourself to groups."
+    "message": "Você não pode se adicionar aos grupos."
   },
   "restrictedCollectionAccess": {
-    "message": "You cannot add yourself to collections."
+    "message": "Você não pode se adicionar às coleções."
+  },
+  "assign": {
+    "message": "Assign"
+  },
+  "assignToCollections": {
+    "message": "Assign to collections"
+  },
+  "assignToTheseCollections": {
+    "message": "Assign to these collections"
+  },
+  "bulkCollectionAssignmentDialogDescription": {
+    "message": "Select the collections that the items will be shared with. Once an item is updated in one collection, it will be reflected in all collections. Only organization members with access to these collections will be able to see the items."
+  },
+  "selectCollectionsToAssign": {
+    "message": "Select collections to assign"
+  },
+  "noCollectionsAssigned": {
+    "message": "No collections have been assigned"
+  },
+  "successfullyAssignedCollections": {
+    "message": "Successfully assigned collections"
+  },
+  "bulkCollectionAssignmentWarning": {
+    "message": "You have selected $TOTAL_COUNT$ items. You cannot update $READONLY_COUNT$ of the items because you do not have edit permissions.",
+    "placeholders": {
+      "total_count": {
+        "content": "$1",
+        "example": "10"
+      },
+      "readonly_count": {
+        "content": "$2",
+        "example": "3"
+      }
+    }
+  },
+  "items": {
+    "message": "Items"
   }
 }
diff --git a/apps/web/src/locales/pt_PT/messages.json b/apps/web/src/locales/pt_PT/messages.json
index 113f0d05b4..0c8c809ffc 100644
--- a/apps/web/src/locales/pt_PT/messages.json
+++ b/apps/web/src/locales/pt_PT/messages.json
@@ -7063,12 +7063,6 @@
   "enforceOnLoginDesc": {
     "message": "Exigir que os membros existentes alterem as suas palavras-passe"
   },
-  "usDomain": {
-    "message": "bitwarden.com"
-  },
-  "euDomain": {
-    "message": "bitwarden.eu"
-  },
   "smProjectDeleteAccessRestricted": {
     "message": "Não tem permissões para eliminar este projeto",
     "description": "The individual description shown to the user when the user doesn't have access to delete a project."
@@ -7611,5 +7605,42 @@
   },
   "restrictedCollectionAccess": {
     "message": "Não se pode adicionar a si próprio a coleções."
+  },
+  "assign": {
+    "message": "Atribuir"
+  },
+  "assignToCollections": {
+    "message": "Atribuir às coleções"
+  },
+  "assignToTheseCollections": {
+    "message": "Atribuir a estas coleções"
+  },
+  "bulkCollectionAssignmentDialogDescription": {
+    "message": "Selecione as coleções com as quais os itens serão partilhados. Assim que um item for atualizado numa coleção, será refletido em todas as coleções. Apenas os membros da organização com acesso a estas coleções poderão ver os itens."
+  },
+  "selectCollectionsToAssign": {
+    "message": "Selecione as coleções a atribuir"
+  },
+  "noCollectionsAssigned": {
+    "message": "Não foram atribuídas quaisquer coleções"
+  },
+  "successfullyAssignedCollections": {
+    "message": "Coleções atribuídas com sucesso"
+  },
+  "bulkCollectionAssignmentWarning": {
+    "message": "Selecionou $TOTAL_COUNT$ itens. Não pode atualizar $READONLY_COUNT$ dos itens porque não tem permissões de edição.",
+    "placeholders": {
+      "total_count": {
+        "content": "$1",
+        "example": "10"
+      },
+      "readonly_count": {
+        "content": "$2",
+        "example": "3"
+      }
+    }
+  },
+  "items": {
+    "message": "Itens"
   }
 }
diff --git a/apps/web/src/locales/ro/messages.json b/apps/web/src/locales/ro/messages.json
index 2e33db6496..244395daaa 100644
--- a/apps/web/src/locales/ro/messages.json
+++ b/apps/web/src/locales/ro/messages.json
@@ -7063,12 +7063,6 @@
   "enforceOnLoginDesc": {
     "message": "Require existing members to change their passwords"
   },
-  "usDomain": {
-    "message": "bitwarden.com"
-  },
-  "euDomain": {
-    "message": "bitwarden.eu"
-  },
   "smProjectDeleteAccessRestricted": {
     "message": "You don't have permissions to delete this project",
     "description": "The individual description shown to the user when the user doesn't have access to delete a project."
@@ -7611,5 +7605,42 @@
   },
   "restrictedCollectionAccess": {
     "message": "You cannot add yourself to collections."
+  },
+  "assign": {
+    "message": "Assign"
+  },
+  "assignToCollections": {
+    "message": "Assign to collections"
+  },
+  "assignToTheseCollections": {
+    "message": "Assign to these collections"
+  },
+  "bulkCollectionAssignmentDialogDescription": {
+    "message": "Select the collections that the items will be shared with. Once an item is updated in one collection, it will be reflected in all collections. Only organization members with access to these collections will be able to see the items."
+  },
+  "selectCollectionsToAssign": {
+    "message": "Select collections to assign"
+  },
+  "noCollectionsAssigned": {
+    "message": "No collections have been assigned"
+  },
+  "successfullyAssignedCollections": {
+    "message": "Successfully assigned collections"
+  },
+  "bulkCollectionAssignmentWarning": {
+    "message": "You have selected $TOTAL_COUNT$ items. You cannot update $READONLY_COUNT$ of the items because you do not have edit permissions.",
+    "placeholders": {
+      "total_count": {
+        "content": "$1",
+        "example": "10"
+      },
+      "readonly_count": {
+        "content": "$2",
+        "example": "3"
+      }
+    }
+  },
+  "items": {
+    "message": "Items"
   }
 }
diff --git a/apps/web/src/locales/ru/messages.json b/apps/web/src/locales/ru/messages.json
index 3fa36c2e85..b68b045bbb 100644
--- a/apps/web/src/locales/ru/messages.json
+++ b/apps/web/src/locales/ru/messages.json
@@ -7063,12 +7063,6 @@
   "enforceOnLoginDesc": {
     "message": "Требовать от существующих пользователей смены паролей"
   },
-  "usDomain": {
-    "message": "bitwarden.com"
-  },
-  "euDomain": {
-    "message": "bitwarden.eu"
-  },
   "smProjectDeleteAccessRestricted": {
     "message": "У вас недостаточно прав для удаления этого проекта",
     "description": "The individual description shown to the user when the user doesn't have access to delete a project."
@@ -7607,9 +7601,46 @@
     "message": "Портал провайдера"
   },
   "restrictedGroupAccess": {
-    "message": "You cannot add yourself to groups."
+    "message": "Нельзя добавить самого себя в группы."
   },
   "restrictedCollectionAccess": {
-    "message": "You cannot add yourself to collections."
+    "message": "Нельзя добавить самого себя в коллекции."
+  },
+  "assign": {
+    "message": "Назначить"
+  },
+  "assignToCollections": {
+    "message": "Назначить коллекциям"
+  },
+  "assignToTheseCollections": {
+    "message": "Назначить этим коллекциям"
+  },
+  "bulkCollectionAssignmentDialogDescription": {
+    "message": "Выберите коллекции, в которые будут переданы элементы. Если элемент обновлен в одной коллекции, это изменение будет отражено во всех коллекциях. Только члены организации, имеющие доступ к этим коллекциям, смогут видеть элементы."
+  },
+  "selectCollectionsToAssign": {
+    "message": "Выбрать коллекции для назначения"
+  },
+  "noCollectionsAssigned": {
+    "message": "Коллекции не назначены"
+  },
+  "successfullyAssignedCollections": {
+    "message": "Коллекции успешно назначены"
+  },
+  "bulkCollectionAssignmentWarning": {
+    "message": "Вы выбрали $TOTAL_COUNT$ элемента(-ов). Вы не можете обновить $READONLY_COUNT$ элемента(-ов), поскольку у вас нет прав на редактирование.",
+    "placeholders": {
+      "total_count": {
+        "content": "$1",
+        "example": "10"
+      },
+      "readonly_count": {
+        "content": "$2",
+        "example": "3"
+      }
+    }
+  },
+  "items": {
+    "message": "Элементы"
   }
 }
diff --git a/apps/web/src/locales/si/messages.json b/apps/web/src/locales/si/messages.json
index 9a14fed113..ce4df3eeda 100644
--- a/apps/web/src/locales/si/messages.json
+++ b/apps/web/src/locales/si/messages.json
@@ -7063,12 +7063,6 @@
   "enforceOnLoginDesc": {
     "message": "Require existing members to change their passwords"
   },
-  "usDomain": {
-    "message": "bitwarden.com"
-  },
-  "euDomain": {
-    "message": "bitwarden.eu"
-  },
   "smProjectDeleteAccessRestricted": {
     "message": "You don't have permissions to delete this project",
     "description": "The individual description shown to the user when the user doesn't have access to delete a project."
@@ -7611,5 +7605,42 @@
   },
   "restrictedCollectionAccess": {
     "message": "You cannot add yourself to collections."
+  },
+  "assign": {
+    "message": "Assign"
+  },
+  "assignToCollections": {
+    "message": "Assign to collections"
+  },
+  "assignToTheseCollections": {
+    "message": "Assign to these collections"
+  },
+  "bulkCollectionAssignmentDialogDescription": {
+    "message": "Select the collections that the items will be shared with. Once an item is updated in one collection, it will be reflected in all collections. Only organization members with access to these collections will be able to see the items."
+  },
+  "selectCollectionsToAssign": {
+    "message": "Select collections to assign"
+  },
+  "noCollectionsAssigned": {
+    "message": "No collections have been assigned"
+  },
+  "successfullyAssignedCollections": {
+    "message": "Successfully assigned collections"
+  },
+  "bulkCollectionAssignmentWarning": {
+    "message": "You have selected $TOTAL_COUNT$ items. You cannot update $READONLY_COUNT$ of the items because you do not have edit permissions.",
+    "placeholders": {
+      "total_count": {
+        "content": "$1",
+        "example": "10"
+      },
+      "readonly_count": {
+        "content": "$2",
+        "example": "3"
+      }
+    }
+  },
+  "items": {
+    "message": "Items"
   }
 }
diff --git a/apps/web/src/locales/sk/messages.json b/apps/web/src/locales/sk/messages.json
index a817df1535..74f68fc0cc 100644
--- a/apps/web/src/locales/sk/messages.json
+++ b/apps/web/src/locales/sk/messages.json
@@ -7063,12 +7063,6 @@
   "enforceOnLoginDesc": {
     "message": "Požadovať po súčasných členoch, aby si zmenili heslo"
   },
-  "usDomain": {
-    "message": "bitwarden.com"
-  },
-  "euDomain": {
-    "message": "bitwarden.eu"
-  },
   "smProjectDeleteAccessRestricted": {
     "message": "Na odstránenie tohto projektu nemáte oprávnenia",
     "description": "The individual description shown to the user when the user doesn't have access to delete a project."
@@ -7607,9 +7601,46 @@
     "message": "Portál poskytovateľa"
   },
   "restrictedGroupAccess": {
-    "message": "You cannot add yourself to groups."
+    "message": "Seba nemôžete pridať do skupín."
   },
   "restrictedCollectionAccess": {
-    "message": "You cannot add yourself to collections."
+    "message": "Seba nemôžete pridať do zbierok."
+  },
+  "assign": {
+    "message": "Prideliť"
+  },
+  "assignToCollections": {
+    "message": "Prideliť k zbierkam"
+  },
+  "assignToTheseCollections": {
+    "message": "Prideliť k týmto zbierkam"
+  },
+  "bulkCollectionAssignmentDialogDescription": {
+    "message": "Vyberte zbierky s ktorými budú položky zdieľané. Zmeny položky v jednej zbierke sa prejavia vo všetkých zbierkach. Iba členovia organizácie s prístupom k týmto zbierkam budu položky vidieť."
+  },
+  "selectCollectionsToAssign": {
+    "message": "Vyberte zbierky na pridelenie"
+  },
+  "noCollectionsAssigned": {
+    "message": "Neboli pridelené žiadne zbierky"
+  },
+  "successfullyAssignedCollections": {
+    "message": "Úspešne pridelené zbierky"
+  },
+  "bulkCollectionAssignmentWarning": {
+    "message": "Vybrali ste $TOTAL_COUNT$ položiek. Nemôžete aktualizovať $READONLY_COUNT$ položiek, pretože nemáte oprávnenie na úpravu.",
+    "placeholders": {
+      "total_count": {
+        "content": "$1",
+        "example": "10"
+      },
+      "readonly_count": {
+        "content": "$2",
+        "example": "3"
+      }
+    }
+  },
+  "items": {
+    "message": "Položky"
   }
 }
diff --git a/apps/web/src/locales/sl/messages.json b/apps/web/src/locales/sl/messages.json
index e295033c79..4982120003 100644
--- a/apps/web/src/locales/sl/messages.json
+++ b/apps/web/src/locales/sl/messages.json
@@ -7063,12 +7063,6 @@
   "enforceOnLoginDesc": {
     "message": "Require existing members to change their passwords"
   },
-  "usDomain": {
-    "message": "bitwarden.com"
-  },
-  "euDomain": {
-    "message": "bitwarden.eu"
-  },
   "smProjectDeleteAccessRestricted": {
     "message": "You don't have permissions to delete this project",
     "description": "The individual description shown to the user when the user doesn't have access to delete a project."
@@ -7611,5 +7605,42 @@
   },
   "restrictedCollectionAccess": {
     "message": "You cannot add yourself to collections."
+  },
+  "assign": {
+    "message": "Assign"
+  },
+  "assignToCollections": {
+    "message": "Assign to collections"
+  },
+  "assignToTheseCollections": {
+    "message": "Assign to these collections"
+  },
+  "bulkCollectionAssignmentDialogDescription": {
+    "message": "Select the collections that the items will be shared with. Once an item is updated in one collection, it will be reflected in all collections. Only organization members with access to these collections will be able to see the items."
+  },
+  "selectCollectionsToAssign": {
+    "message": "Select collections to assign"
+  },
+  "noCollectionsAssigned": {
+    "message": "No collections have been assigned"
+  },
+  "successfullyAssignedCollections": {
+    "message": "Successfully assigned collections"
+  },
+  "bulkCollectionAssignmentWarning": {
+    "message": "You have selected $TOTAL_COUNT$ items. You cannot update $READONLY_COUNT$ of the items because you do not have edit permissions.",
+    "placeholders": {
+      "total_count": {
+        "content": "$1",
+        "example": "10"
+      },
+      "readonly_count": {
+        "content": "$2",
+        "example": "3"
+      }
+    }
+  },
+  "items": {
+    "message": "Items"
   }
 }
diff --git a/apps/web/src/locales/sr/messages.json b/apps/web/src/locales/sr/messages.json
index 0132f2ca0a..f5fe041433 100644
--- a/apps/web/src/locales/sr/messages.json
+++ b/apps/web/src/locales/sr/messages.json
@@ -579,7 +579,7 @@
     "message": "Приступ"
   },
   "accessLevel": {
-    "message": "Access level"
+    "message": "Ниво приступа"
   },
   "loggedOut": {
     "message": "Одјављено"
@@ -7063,12 +7063,6 @@
   "enforceOnLoginDesc": {
     "message": "Захтевајте од постојећих чланова да промене њихове лозинке"
   },
-  "usDomain": {
-    "message": "bitwarden.com"
-  },
-  "euDomain": {
-    "message": "bitwarden.eu"
-  },
   "smProjectDeleteAccessRestricted": {
     "message": "Немате дозволе да избришете овај пројекат",
     "description": "The individual description shown to the user when the user doesn't have access to delete a project."
@@ -7607,9 +7601,46 @@
     "message": "Портал провајдера"
   },
   "restrictedGroupAccess": {
-    "message": "You cannot add yourself to groups."
+    "message": "Не можете да се додате у групе."
   },
   "restrictedCollectionAccess": {
-    "message": "You cannot add yourself to collections."
+    "message": "Не можете да се додате у колекције."
+  },
+  "assign": {
+    "message": "Додели"
+  },
+  "assignToCollections": {
+    "message": "Додели колекцијама"
+  },
+  "assignToTheseCollections": {
+    "message": "Додели овим колекцијама"
+  },
+  "bulkCollectionAssignmentDialogDescription": {
+    "message": "Изаберите колекције са којима ће се ставке делити. Када се ставка ажурира у једној колекцији, она ће се одразити на све колекције. Само чланови организације са приступом овим колекцијама ће моћи да виде ставке."
+  },
+  "selectCollectionsToAssign": {
+    "message": "Изаберите колекције за доделу"
+  },
+  "noCollectionsAssigned": {
+    "message": "Није додељена ниједна колекција"
+  },
+  "successfullyAssignedCollections": {
+    "message": "Успешно додељене колекције"
+  },
+  "bulkCollectionAssignmentWarning": {
+    "message": "Одабрали сте $TOTAL_COUNT$ ставки. Не можете да ажурирате $READONLY_COUNT$ од ставки јер немате дозволе за уређивање.",
+    "placeholders": {
+      "total_count": {
+        "content": "$1",
+        "example": "10"
+      },
+      "readonly_count": {
+        "content": "$2",
+        "example": "3"
+      }
+    }
+  },
+  "items": {
+    "message": "Ставке"
   }
 }
diff --git a/apps/web/src/locales/sr_CS/messages.json b/apps/web/src/locales/sr_CS/messages.json
index 675a53c953..4553f85c33 100644
--- a/apps/web/src/locales/sr_CS/messages.json
+++ b/apps/web/src/locales/sr_CS/messages.json
@@ -7063,12 +7063,6 @@
   "enforceOnLoginDesc": {
     "message": "Require existing members to change their passwords"
   },
-  "usDomain": {
-    "message": "bitwarden.com"
-  },
-  "euDomain": {
-    "message": "bitwarden.eu"
-  },
   "smProjectDeleteAccessRestricted": {
     "message": "You don't have permissions to delete this project",
     "description": "The individual description shown to the user when the user doesn't have access to delete a project."
@@ -7611,5 +7605,42 @@
   },
   "restrictedCollectionAccess": {
     "message": "You cannot add yourself to collections."
+  },
+  "assign": {
+    "message": "Assign"
+  },
+  "assignToCollections": {
+    "message": "Assign to collections"
+  },
+  "assignToTheseCollections": {
+    "message": "Assign to these collections"
+  },
+  "bulkCollectionAssignmentDialogDescription": {
+    "message": "Select the collections that the items will be shared with. Once an item is updated in one collection, it will be reflected in all collections. Only organization members with access to these collections will be able to see the items."
+  },
+  "selectCollectionsToAssign": {
+    "message": "Select collections to assign"
+  },
+  "noCollectionsAssigned": {
+    "message": "No collections have been assigned"
+  },
+  "successfullyAssignedCollections": {
+    "message": "Successfully assigned collections"
+  },
+  "bulkCollectionAssignmentWarning": {
+    "message": "You have selected $TOTAL_COUNT$ items. You cannot update $READONLY_COUNT$ of the items because you do not have edit permissions.",
+    "placeholders": {
+      "total_count": {
+        "content": "$1",
+        "example": "10"
+      },
+      "readonly_count": {
+        "content": "$2",
+        "example": "3"
+      }
+    }
+  },
+  "items": {
+    "message": "Items"
   }
 }
diff --git a/apps/web/src/locales/sv/messages.json b/apps/web/src/locales/sv/messages.json
index a3f17c2b97..8765baaa3b 100644
--- a/apps/web/src/locales/sv/messages.json
+++ b/apps/web/src/locales/sv/messages.json
@@ -7063,12 +7063,6 @@
   "enforceOnLoginDesc": {
     "message": "Require existing members to change their passwords"
   },
-  "usDomain": {
-    "message": "bitwarden.com"
-  },
-  "euDomain": {
-    "message": "bitwarden.eu"
-  },
   "smProjectDeleteAccessRestricted": {
     "message": "You don't have permissions to delete this project",
     "description": "The individual description shown to the user when the user doesn't have access to delete a project."
@@ -7607,9 +7601,46 @@
     "message": "Provider Portal"
   },
   "restrictedGroupAccess": {
-    "message": "You cannot add yourself to groups."
+    "message": "Du kan inte lägga till dig själv i grupper."
   },
   "restrictedCollectionAccess": {
-    "message": "You cannot add yourself to collections."
+    "message": "Du kan inte lägga till dig själv i samlingar."
+  },
+  "assign": {
+    "message": "Tilldela"
+  },
+  "assignToCollections": {
+    "message": "Tilldela till samlingar"
+  },
+  "assignToTheseCollections": {
+    "message": "Assign to these collections"
+  },
+  "bulkCollectionAssignmentDialogDescription": {
+    "message": "Select the collections that the items will be shared with. Once an item is updated in one collection, it will be reflected in all collections. Only organization members with access to these collections will be able to see the items."
+  },
+  "selectCollectionsToAssign": {
+    "message": "Välj samlingar att tilldela"
+  },
+  "noCollectionsAssigned": {
+    "message": "Inga samlingar har tilldelats"
+  },
+  "successfullyAssignedCollections": {
+    "message": "Successfully assigned collections"
+  },
+  "bulkCollectionAssignmentWarning": {
+    "message": "You have selected $TOTAL_COUNT$ items. You cannot update $READONLY_COUNT$ of the items because you do not have edit permissions.",
+    "placeholders": {
+      "total_count": {
+        "content": "$1",
+        "example": "10"
+      },
+      "readonly_count": {
+        "content": "$2",
+        "example": "3"
+      }
+    }
+  },
+  "items": {
+    "message": "Objekt"
   }
 }
diff --git a/apps/web/src/locales/te/messages.json b/apps/web/src/locales/te/messages.json
index 65bb71e854..ad51cf605f 100644
--- a/apps/web/src/locales/te/messages.json
+++ b/apps/web/src/locales/te/messages.json
@@ -7063,12 +7063,6 @@
   "enforceOnLoginDesc": {
     "message": "Require existing members to change their passwords"
   },
-  "usDomain": {
-    "message": "bitwarden.com"
-  },
-  "euDomain": {
-    "message": "bitwarden.eu"
-  },
   "smProjectDeleteAccessRestricted": {
     "message": "You don't have permissions to delete this project",
     "description": "The individual description shown to the user when the user doesn't have access to delete a project."
@@ -7611,5 +7605,42 @@
   },
   "restrictedCollectionAccess": {
     "message": "You cannot add yourself to collections."
+  },
+  "assign": {
+    "message": "Assign"
+  },
+  "assignToCollections": {
+    "message": "Assign to collections"
+  },
+  "assignToTheseCollections": {
+    "message": "Assign to these collections"
+  },
+  "bulkCollectionAssignmentDialogDescription": {
+    "message": "Select the collections that the items will be shared with. Once an item is updated in one collection, it will be reflected in all collections. Only organization members with access to these collections will be able to see the items."
+  },
+  "selectCollectionsToAssign": {
+    "message": "Select collections to assign"
+  },
+  "noCollectionsAssigned": {
+    "message": "No collections have been assigned"
+  },
+  "successfullyAssignedCollections": {
+    "message": "Successfully assigned collections"
+  },
+  "bulkCollectionAssignmentWarning": {
+    "message": "You have selected $TOTAL_COUNT$ items. You cannot update $READONLY_COUNT$ of the items because you do not have edit permissions.",
+    "placeholders": {
+      "total_count": {
+        "content": "$1",
+        "example": "10"
+      },
+      "readonly_count": {
+        "content": "$2",
+        "example": "3"
+      }
+    }
+  },
+  "items": {
+    "message": "Items"
   }
 }
diff --git a/apps/web/src/locales/th/messages.json b/apps/web/src/locales/th/messages.json
index 74a6f3467c..69ee59eb26 100644
--- a/apps/web/src/locales/th/messages.json
+++ b/apps/web/src/locales/th/messages.json
@@ -7063,12 +7063,6 @@
   "enforceOnLoginDesc": {
     "message": "Require existing members to change their passwords"
   },
-  "usDomain": {
-    "message": "bitwarden.com"
-  },
-  "euDomain": {
-    "message": "bitwarden.eu"
-  },
   "smProjectDeleteAccessRestricted": {
     "message": "You don't have permissions to delete this project",
     "description": "The individual description shown to the user when the user doesn't have access to delete a project."
@@ -7611,5 +7605,42 @@
   },
   "restrictedCollectionAccess": {
     "message": "You cannot add yourself to collections."
+  },
+  "assign": {
+    "message": "Assign"
+  },
+  "assignToCollections": {
+    "message": "Assign to collections"
+  },
+  "assignToTheseCollections": {
+    "message": "Assign to these collections"
+  },
+  "bulkCollectionAssignmentDialogDescription": {
+    "message": "Select the collections that the items will be shared with. Once an item is updated in one collection, it will be reflected in all collections. Only organization members with access to these collections will be able to see the items."
+  },
+  "selectCollectionsToAssign": {
+    "message": "Select collections to assign"
+  },
+  "noCollectionsAssigned": {
+    "message": "No collections have been assigned"
+  },
+  "successfullyAssignedCollections": {
+    "message": "Successfully assigned collections"
+  },
+  "bulkCollectionAssignmentWarning": {
+    "message": "You have selected $TOTAL_COUNT$ items. You cannot update $READONLY_COUNT$ of the items because you do not have edit permissions.",
+    "placeholders": {
+      "total_count": {
+        "content": "$1",
+        "example": "10"
+      },
+      "readonly_count": {
+        "content": "$2",
+        "example": "3"
+      }
+    }
+  },
+  "items": {
+    "message": "Items"
   }
 }
diff --git a/apps/web/src/locales/tr/messages.json b/apps/web/src/locales/tr/messages.json
index 3ce163ab53..fb626b82f5 100644
--- a/apps/web/src/locales/tr/messages.json
+++ b/apps/web/src/locales/tr/messages.json
@@ -7063,12 +7063,6 @@
   "enforceOnLoginDesc": {
     "message": "Mevcut üyelerin parolalarını değiştirmelerini zorunlu tut"
   },
-  "usDomain": {
-    "message": "bitwarden.com"
-  },
-  "euDomain": {
-    "message": "bitwarden.eu"
-  },
   "smProjectDeleteAccessRestricted": {
     "message": "Bu projeyi silme izniniz yok",
     "description": "The individual description shown to the user when the user doesn't have access to delete a project."
@@ -7607,9 +7601,46 @@
     "message": "Sağlayıcı Portalı"
   },
   "restrictedGroupAccess": {
-    "message": "You cannot add yourself to groups."
+    "message": "Kendinizi gruplara ekleyemezsiniz."
   },
   "restrictedCollectionAccess": {
-    "message": "You cannot add yourself to collections."
+    "message": "Kendinizi koleksiyonlara ekleyemezsiniz."
+  },
+  "assign": {
+    "message": "Ata"
+  },
+  "assignToCollections": {
+    "message": "Koleksiyonlara ata"
+  },
+  "assignToTheseCollections": {
+    "message": "Bu koleksiyonlara ata"
+  },
+  "bulkCollectionAssignmentDialogDescription": {
+    "message": "Öğelerin paylaşılacağı koleksiyonları seçin. Bir koleksiyondaki bir öğe güncellendiğinde tüm koleksiyonlara yansıtılacaktır. Öğeleri yalnızca bu koleksiyonlara erişimi olan kuruluş üyeleri görebilir."
+  },
+  "selectCollectionsToAssign": {
+    "message": "Atanacak koleksiyonları seçin"
+  },
+  "noCollectionsAssigned": {
+    "message": "Hiçbir koleksiyon atanmadı"
+  },
+  "successfullyAssignedCollections": {
+    "message": "Başarıyla atanan koleksiyonlar"
+  },
+  "bulkCollectionAssignmentWarning": {
+    "message": "$TOTAL_COUNT$ öğe seçtiniz. Düzenleme izniniz olmadığı için $READONLY_COUNT$ öğeyi güncelleyemezsiniz.",
+    "placeholders": {
+      "total_count": {
+        "content": "$1",
+        "example": "10"
+      },
+      "readonly_count": {
+        "content": "$2",
+        "example": "3"
+      }
+    }
+  },
+  "items": {
+    "message": "Ögeler"
   }
 }
diff --git a/apps/web/src/locales/uk/messages.json b/apps/web/src/locales/uk/messages.json
index f316db1d2a..e2d2e6163c 100644
--- a/apps/web/src/locales/uk/messages.json
+++ b/apps/web/src/locales/uk/messages.json
@@ -7063,12 +7063,6 @@
   "enforceOnLoginDesc": {
     "message": "Вимагати від наявних учасників змінювати паролі"
   },
-  "usDomain": {
-    "message": "bitwarden.com"
-  },
-  "euDomain": {
-    "message": "bitwarden.eu"
-  },
   "smProjectDeleteAccessRestricted": {
     "message": "У вас немає дозволу на видалення цього проєкту",
     "description": "The individual description shown to the user when the user doesn't have access to delete a project."
@@ -7607,9 +7601,46 @@
     "message": "Портал провайдера"
   },
   "restrictedGroupAccess": {
-    "message": "You cannot add yourself to groups."
+    "message": "Ви не можете додати себе до груп."
   },
   "restrictedCollectionAccess": {
-    "message": "You cannot add yourself to collections."
+    "message": "Ви не можете додати себе до збірок."
+  },
+  "assign": {
+    "message": "Призначити"
+  },
+  "assignToCollections": {
+    "message": "Призначити до збірок"
+  },
+  "assignToTheseCollections": {
+    "message": "Призначити до цих збірок"
+  },
+  "bulkCollectionAssignmentDialogDescription": {
+    "message": "Оберіть збірки, в яких поширюватимуться записи. Після оновлення запису в одній збірці зміни буде відображено у всіх збірках. Лише учасники організації з доступом до цих збірок зможуть переглядати записи."
+  },
+  "selectCollectionsToAssign": {
+    "message": "Оберіть збірки для призначення"
+  },
+  "noCollectionsAssigned": {
+    "message": "Не призначено жодної збірки"
+  },
+  "successfullyAssignedCollections": {
+    "message": "Збірки успішно призначено"
+  },
+  "bulkCollectionAssignmentWarning": {
+    "message": "Ви вибрали $TOTAL_COUNT$ записів. Ви не можете оновити $READONLY_COUNT$ записів, тому що у вас немає доступу на редагування.",
+    "placeholders": {
+      "total_count": {
+        "content": "$1",
+        "example": "10"
+      },
+      "readonly_count": {
+        "content": "$2",
+        "example": "3"
+      }
+    }
+  },
+  "items": {
+    "message": "Записи"
   }
 }
diff --git a/apps/web/src/locales/vi/messages.json b/apps/web/src/locales/vi/messages.json
index a6895c7a45..316704ffdf 100644
--- a/apps/web/src/locales/vi/messages.json
+++ b/apps/web/src/locales/vi/messages.json
@@ -7063,12 +7063,6 @@
   "enforceOnLoginDesc": {
     "message": "Require existing members to change their passwords"
   },
-  "usDomain": {
-    "message": "bitwarden.com"
-  },
-  "euDomain": {
-    "message": "bitwarden.eu"
-  },
   "smProjectDeleteAccessRestricted": {
     "message": "You don't have permissions to delete this project",
     "description": "The individual description shown to the user when the user doesn't have access to delete a project."
@@ -7611,5 +7605,42 @@
   },
   "restrictedCollectionAccess": {
     "message": "You cannot add yourself to collections."
+  },
+  "assign": {
+    "message": "Assign"
+  },
+  "assignToCollections": {
+    "message": "Assign to collections"
+  },
+  "assignToTheseCollections": {
+    "message": "Assign to these collections"
+  },
+  "bulkCollectionAssignmentDialogDescription": {
+    "message": "Select the collections that the items will be shared with. Once an item is updated in one collection, it will be reflected in all collections. Only organization members with access to these collections will be able to see the items."
+  },
+  "selectCollectionsToAssign": {
+    "message": "Select collections to assign"
+  },
+  "noCollectionsAssigned": {
+    "message": "No collections have been assigned"
+  },
+  "successfullyAssignedCollections": {
+    "message": "Successfully assigned collections"
+  },
+  "bulkCollectionAssignmentWarning": {
+    "message": "You have selected $TOTAL_COUNT$ items. You cannot update $READONLY_COUNT$ of the items because you do not have edit permissions.",
+    "placeholders": {
+      "total_count": {
+        "content": "$1",
+        "example": "10"
+      },
+      "readonly_count": {
+        "content": "$2",
+        "example": "3"
+      }
+    }
+  },
+  "items": {
+    "message": "Items"
   }
 }
diff --git a/apps/web/src/locales/zh_CN/messages.json b/apps/web/src/locales/zh_CN/messages.json
index 5e8dd05591..e7668f85d5 100644
--- a/apps/web/src/locales/zh_CN/messages.json
+++ b/apps/web/src/locales/zh_CN/messages.json
@@ -7063,12 +7063,6 @@
   "enforceOnLoginDesc": {
     "message": "要求现有成员更改他们的密码"
   },
-  "usDomain": {
-    "message": "bitwarden.com"
-  },
-  "euDomain": {
-    "message": "bitwarden.eu"
-  },
   "smProjectDeleteAccessRestricted": {
     "message": "您无权删除此工程",
     "description": "The individual description shown to the user when the user doesn't have access to delete a project."
@@ -7484,7 +7478,7 @@
     "message": "安装浏览器扩展"
   },
   "installBrowserExtensionDetails": {
-    "message": "使用扩展快速保存登录信息和自动填充表单，而无需打开网页应用程序。"
+    "message": "使用扩展快速保存登录信息和自动填充表单，而无需打开网页 App。"
   },
   "projectAccessUpdated": {
     "message": "工程访问权限已更新"
@@ -7517,7 +7511,7 @@
     "message": "服务账户访问权限已更新"
   },
   "commonImportFormats": {
-    "message": "通用格式",
+    "message": "常规格式",
     "description": "Label indicating the most common import formats"
   },
   "maintainYourSubscription": {
@@ -7539,7 +7533,7 @@
     "description": "This describes new features and improvements for user roles and collections"
   },
   "collectionEnhancementsLearnMore": {
-    "message": "了解更多关于集合管理"
+    "message": "了解更多关于集合管理的信息"
   },
   "organizationInformation": {
     "message": "组织信息"
@@ -7595,7 +7589,7 @@
     "message": "免费 1 年"
   },
   "newWebApp": {
-    "message": "欢迎来到全新改进的网页应用。了解更多更新信息。"
+    "message": "欢迎使用全新改进的网页 App。了解更多有关变更的信息。"
   },
   "releaseBlog": {
     "message": "阅读发布博客"
@@ -7607,9 +7601,46 @@
     "message": "提供商门户"
   },
   "restrictedGroupAccess": {
-    "message": "You cannot add yourself to groups."
+    "message": "您不能将自己添加到群组。"
   },
   "restrictedCollectionAccess": {
-    "message": "You cannot add yourself to collections."
+    "message": "您不能将自己添加到集合。"
+  },
+  "assign": {
+    "message": "分配"
+  },
+  "assignToCollections": {
+    "message": "分配到集合"
+  },
+  "assignToTheseCollections": {
+    "message": "分配到这些集合"
+  },
+  "bulkCollectionAssignmentDialogDescription": {
+    "message": "选择要共享项目的集合。当一个项目在某个集合中更新后，它将反映在所有集合中。只有能够访问这些集合的组织成员才能看到此项目。"
+  },
+  "selectCollectionsToAssign": {
+    "message": "选择要分配的集合"
+  },
+  "noCollectionsAssigned": {
+    "message": "没有分配任何集合"
+  },
+  "successfullyAssignedCollections": {
+    "message": "成功分配了集合"
+  },
+  "bulkCollectionAssignmentWarning": {
+    "message": "您选择了 $TOTAL_COUNT$ 个项目。其中的 $READONLY_COUNT$ 个项目由于您没有编辑权限，您将无法更新它们。",
+    "placeholders": {
+      "total_count": {
+        "content": "$1",
+        "example": "10"
+      },
+      "readonly_count": {
+        "content": "$2",
+        "example": "3"
+      }
+    }
+  },
+  "items": {
+    "message": "项目"
   }
 }
diff --git a/apps/web/src/locales/zh_TW/messages.json b/apps/web/src/locales/zh_TW/messages.json
index d59e9943aa..0fa0838f2d 100644
--- a/apps/web/src/locales/zh_TW/messages.json
+++ b/apps/web/src/locales/zh_TW/messages.json
@@ -7063,12 +7063,6 @@
   "enforceOnLoginDesc": {
     "message": "要求現有成員變更他們的密碼"
   },
-  "usDomain": {
-    "message": "bitwarden.com"
-  },
-  "euDomain": {
-    "message": "bitwarden.eu"
-  },
   "smProjectDeleteAccessRestricted": {
     "message": "您沒有刪除這此專案的權限",
     "description": "The individual description shown to the user when the user doesn't have access to delete a project."
@@ -7611,5 +7605,42 @@
   },
   "restrictedCollectionAccess": {
     "message": "You cannot add yourself to collections."
+  },
+  "assign": {
+    "message": "Assign"
+  },
+  "assignToCollections": {
+    "message": "Assign to collections"
+  },
+  "assignToTheseCollections": {
+    "message": "Assign to these collections"
+  },
+  "bulkCollectionAssignmentDialogDescription": {
+    "message": "Select the collections that the items will be shared with. Once an item is updated in one collection, it will be reflected in all collections. Only organization members with access to these collections will be able to see the items."
+  },
+  "selectCollectionsToAssign": {
+    "message": "Select collections to assign"
+  },
+  "noCollectionsAssigned": {
+    "message": "No collections have been assigned"
+  },
+  "successfullyAssignedCollections": {
+    "message": "Successfully assigned collections"
+  },
+  "bulkCollectionAssignmentWarning": {
+    "message": "You have selected $TOTAL_COUNT$ items. You cannot update $READONLY_COUNT$ of the items because you do not have edit permissions.",
+    "placeholders": {
+      "total_count": {
+        "content": "$1",
+        "example": "10"
+      },
+      "readonly_count": {
+        "content": "$2",
+        "example": "3"
+      }
+    }
+  },
+  "items": {
+    "message": "Items"
   }
 }
diff --git a/apps/web/src/translation-constants.ts b/apps/web/src/translation-constants.ts
index dfdcc7c1f5..aa18b319bb 100644
--- a/apps/web/src/translation-constants.ts
+++ b/apps/web/src/translation-constants.ts
@@ -10,6 +10,7 @@ export const SupportedTranslationLocales: string[] = [
   "bs",
   "ca",
   "cs",
+  "cy",
   "da",
   "de",
   "el",
@@ -19,9 +20,11 @@ export const SupportedTranslationLocales: string[] = [
   "es",
   "et",
   "eu",
+  "fa",
   "fi",
   "fil",
   "fr",
+  "gl",
   "he",
   "hi",
   "hr",
@@ -35,9 +38,13 @@ export const SupportedTranslationLocales: string[] = [
   "ko",
   "lv",
   "ml",
+  "mr",
+  "my",
   "nb",
+  "ne",
   "nl",
   "nn",
+  "or",
   "pl",
   "pt-PT",
   "pt-BR",
@@ -48,6 +55,8 @@ export const SupportedTranslationLocales: string[] = [
   "sl",
   "sr",
   "sv",
+  "te",
+  "th",
   "tr",
   "uk",
   "vi",
diff --git a/apps/web/tsconfig.json b/apps/web/tsconfig.json
index ba8060b93a..543d7f25b1 100644
--- a/apps/web/tsconfig.json
+++ b/apps/web/tsconfig.json
@@ -15,6 +15,7 @@
       "@bitwarden/vault-export-core": [
         "../../libs/tools/export/vault-export/vault-export-core/src"
       ],
+      "@bitwarden/vault-export-ui": ["../../libs/tools/export/vault-export/vault-export-ui/src"],
       "@bitwarden/importer/core": ["../../libs/importer/src"],
       "@bitwarden/importer/ui": ["../../libs/importer/src/components"],
       "@bitwarden/platform": ["../../libs/platform/src"],
diff --git a/apps/web/webpack.config.js b/apps/web/webpack.config.js
index b62299a7a7..815a8aff9e 100644
--- a/apps/web/webpack.config.js
+++ b/apps/web/webpack.config.js
@@ -171,6 +171,7 @@ const plugins = [
     PAYPAL_CONFIG: envConfig["paypal"] ?? {},
     FLAGS: envConfig["flags"] ?? {},
     DEV_FLAGS: NODE_ENV === "development" ? envConfig["devFlags"] : {},
+    ADDITIONAL_REGIONS: envConfig["additionalRegions"] ?? [],
   }),
   new AngularWebpackPlugin({
     tsConfigPath: "tsconfig.json",
@@ -193,39 +194,44 @@ const devServer =
           },
         },
         // host: '192.168.1.9',
-        proxy: {
-          "/api": {
+        proxy: [
+          {
+            context: ["/api"],
             target: envConfig.dev?.proxyApi,
             pathRewrite: { "^/api": "" },
             secure: false,
             changeOrigin: true,
           },
-          "/identity": {
+          {
+            context: ["/identity"],
             target: envConfig.dev?.proxyIdentity,
             pathRewrite: { "^/identity": "" },
             secure: false,
             changeOrigin: true,
           },
-          "/events": {
+          {
+            context: ["/events"],
             target: envConfig.dev?.proxyEvents,
             pathRewrite: { "^/events": "" },
             secure: false,
             changeOrigin: true,
           },
-          "/notifications": {
+          {
+            context: ["/notifications"],
             target: envConfig.dev?.proxyNotifications,
             pathRewrite: { "^/notifications": "" },
             secure: false,
             changeOrigin: true,
             ws: true,
           },
-          "/icons": {
+          {
+            context: ["/icons"],
             target: envConfig.dev?.proxyIcons,
             pathRewrite: { "^/icons": "" },
             secure: false,
             changeOrigin: true,
           },
-        },
+        ],
         headers: (req) => {
           if (!req.originalUrl.includes("connector.html")) {
             return {
diff --git a/bitwarden_license/bit-web/src/app/admin-console/organizations/manage/scim.component.ts b/bitwarden_license/bit-web/src/app/admin-console/organizations/manage/scim.component.ts
index ef8ba2838a..8e8db457e5 100644
--- a/bitwarden_license/bit-web/src/app/admin-console/organizations/manage/scim.component.ts
+++ b/bitwarden_license/bit-web/src/app/admin-console/organizations/manage/scim.component.ts
@@ -1,6 +1,7 @@
 import { Component, OnInit } from "@angular/core";
 import { UntypedFormBuilder, FormControl } from "@angular/forms";
 import { ActivatedRoute } from "@angular/router";
+import { firstValueFrom } from "rxjs";
 
 import { ApiService } from "@bitwarden/common/abstractions/api.service";
 import { OrganizationApiServiceAbstraction } from "@bitwarden/common/admin-console/abstractions/organization/organization-api.service.abstraction";
@@ -76,13 +77,13 @@ export class ScimComponent implements OnInit {
       apiKeyRequest,
     );
     this.formData.setValue({
-      endpointUrl: this.getScimEndpointUrl(),
+      endpointUrl: await this.getScimEndpointUrl(),
       clientSecret: apiKeyResponse.apiKey,
     });
   }
 
   async copyScimUrl() {
-    this.platformUtilsService.copyToClipboard(this.getScimEndpointUrl());
+    this.platformUtilsService.copyToClipboard(await this.getScimEndpointUrl());
   }
 
   async rotateScimKey() {
@@ -106,7 +107,7 @@ export class ScimComponent implements OnInit {
     try {
       const response = await this.rotatePromise;
       this.formData.setValue({
-        endpointUrl: this.getScimEndpointUrl(),
+        endpointUrl: await this.getScimEndpointUrl(),
         clientSecret: response.apiKey,
       });
       this.platformUtilsService.showToast("success", null, this.i18nService.t("scimApiKeyRotated"));
@@ -148,8 +149,9 @@ export class ScimComponent implements OnInit {
     this.formPromise = null;
   }
 
-  getScimEndpointUrl() {
-    return this.environmentService.getScimUrl() + "/" + this.organizationId;
+  async getScimEndpointUrl() {
+    const env = await firstValueFrom(this.environmentService.environment$);
+    return env.getScimUrl() + "/" + this.organizationId;
   }
 
   toggleScimKey() {
@@ -163,7 +165,7 @@ export class ScimComponent implements OnInit {
       this.showScimSettings = true;
       this.enabled.setValue(true);
       this.formData.setValue({
-        endpointUrl: this.getScimEndpointUrl(),
+        endpointUrl: await this.getScimEndpointUrl(),
         clientSecret: "",
       });
       await this.loadApiKey();
diff --git a/bitwarden_license/bit-web/src/app/admin-console/providers/providers-layout.component.ts b/bitwarden_license/bit-web/src/app/admin-console/providers/providers-layout.component.ts
index 5f45379442..b8afe1c235 100644
--- a/bitwarden_license/bit-web/src/app/admin-console/providers/providers-layout.component.ts
+++ b/bitwarden_license/bit-web/src/app/admin-console/providers/providers-layout.component.ts
@@ -6,7 +6,7 @@ import { JslibModule } from "@bitwarden/angular/jslib.module";
 import { ProviderService } from "@bitwarden/common/admin-console/abstractions/provider.service";
 import { Provider } from "@bitwarden/common/admin-console/models/domain/provider";
 import { FeatureFlag } from "@bitwarden/common/enums/feature-flag.enum";
-import { ConfigServiceAbstraction as ConfigService } from "@bitwarden/common/platform/abstractions/config/config.service.abstraction";
+import { ConfigService } from "@bitwarden/common/platform/abstractions/config/config.service";
 import { IconModule, LayoutComponent, NavigationModule } from "@bitwarden/components";
 import { ProviderPortalLogo } from "@bitwarden/web-vault/app/admin-console/icons/provider-portal-logo";
 import { PaymentMethodWarningsModule } from "@bitwarden/web-vault/app/billing/shared";
diff --git a/bitwarden_license/bit-web/src/app/admin-console/providers/setup/setup.component.ts b/bitwarden_license/bit-web/src/app/admin-console/providers/setup/setup.component.ts
index 35e3a8bad3..b3d3112bf5 100644
--- a/bitwarden_license/bit-web/src/app/admin-console/providers/setup/setup.component.ts
+++ b/bitwarden_license/bit-web/src/app/admin-console/providers/setup/setup.component.ts
@@ -5,7 +5,7 @@ import { first } from "rxjs/operators";
 import { ApiService } from "@bitwarden/common/abstractions/api.service";
 import { ProviderSetupRequest } from "@bitwarden/common/admin-console/models/request/provider/provider-setup.request";
 import { FeatureFlag } from "@bitwarden/common/enums/feature-flag.enum";
-import { ConfigServiceAbstraction as ConfigService } from "@bitwarden/common/platform/abstractions/config/config.service.abstraction";
+import { ConfigService } from "@bitwarden/common/platform/abstractions/config/config.service";
 import { CryptoService } from "@bitwarden/common/platform/abstractions/crypto.service";
 import { I18nService } from "@bitwarden/common/platform/abstractions/i18n.service";
 import { PlatformUtilsService } from "@bitwarden/common/platform/abstractions/platform-utils.service";
diff --git a/bitwarden_license/bit-web/src/app/app-routing.module.ts b/bitwarden_license/bit-web/src/app/app-routing.module.ts
index 0f10da154b..f3f3c15870 100644
--- a/bitwarden_license/bit-web/src/app/app-routing.module.ts
+++ b/bitwarden_license/bit-web/src/app/app-routing.module.ts
@@ -13,6 +13,7 @@ const routes: Routes = [
   },
   {
     path: "sm",
+    canActivate: [deepLinkGuard()],
     loadChildren: async () =>
       (await import("./secrets-manager/secrets-manager.module")).SecretsManagerModule,
   },
diff --git a/bitwarden_license/bit-web/src/app/auth/sso/sso.component.html b/bitwarden_license/bit-web/src/app/auth/sso/sso.component.html
index 2c02e89e24..72a073e0c0 100644
--- a/bitwarden_license/bit-web/src/app/auth/sso/sso.component.html
+++ b/bitwarden_license/bit-web/src/app/auth/sso/sso.component.html
@@ -9,7 +9,7 @@
   <span class="tw-sr-only">{{ "loading" | i18n }}</span>
 </ng-container>
 
-<form [formGroup]="ssoConfigForm" [bitSubmit]="submit" *ngIf="!loading">
+<form [formGroup]="ssoConfigForm" [bitSubmit]="submit" *ngIf="!loading" class="tw-w-2/3">
   <p>
     {{ "ssoPolicyHelpStart" | i18n }}
     <a routerLink="../policies">{{ "ssoPolicyHelpAnchor" | i18n }}</a>
diff --git a/bitwarden_license/bit-web/src/app/auth/sso/sso.component.ts b/bitwarden_license/bit-web/src/app/auth/sso/sso.component.ts
index d5a1aebdd8..45cfc02a09 100644
--- a/bitwarden_license/bit-web/src/app/auth/sso/sso.component.ts
+++ b/bitwarden_license/bit-web/src/app/auth/sso/sso.component.ts
@@ -26,7 +26,7 @@ import { SsoConfigApi } from "@bitwarden/common/auth/models/api/sso-config.api";
 import { OrganizationSsoRequest } from "@bitwarden/common/auth/models/request/organization-sso.request";
 import { OrganizationSsoResponse } from "@bitwarden/common/auth/models/response/organization-sso.response";
 import { SsoConfigView } from "@bitwarden/common/auth/models/view/sso-config.view";
-import { ConfigServiceAbstraction } from "@bitwarden/common/platform/abstractions/config/config.service.abstraction";
+import { ConfigService } from "@bitwarden/common/platform/abstractions/config/config.service";
 import { I18nService } from "@bitwarden/common/platform/abstractions/i18n.service";
 import { PlatformUtilsService } from "@bitwarden/common/platform/abstractions/platform-utils.service";
 import { Utils } from "@bitwarden/common/platform/misc/utils";
@@ -186,7 +186,7 @@ export class SsoComponent implements OnInit, OnDestroy {
     private i18nService: I18nService,
     private organizationService: OrganizationService,
     private organizationApiService: OrganizationApiServiceAbstraction,
-    private configService: ConfigServiceAbstraction,
+    private configService: ConfigService,
   ) {}
 
   async ngOnInit() {
diff --git a/bitwarden_license/bit-web/src/app/secrets-manager/layout/navigation.component.ts b/bitwarden_license/bit-web/src/app/secrets-manager/layout/navigation.component.ts
index cd117819a9..30f4308a39 100644
--- a/bitwarden_license/bit-web/src/app/secrets-manager/layout/navigation.component.ts
+++ b/bitwarden_license/bit-web/src/app/secrets-manager/layout/navigation.component.ts
@@ -1,6 +1,6 @@
 import { Component } from "@angular/core";
 import { ActivatedRoute } from "@angular/router";
-import { map } from "rxjs";
+import { concatMap } from "rxjs";
 
 import { OrganizationService } from "@bitwarden/common/admin-console/abstractions/organization/organization.service.abstraction";
 import { Organization } from "@bitwarden/common/admin-console/models/domain/organization";
@@ -14,7 +14,9 @@ export class NavigationComponent {
   protected readonly logo = SecretsManagerLogo;
   protected orgFilter = (org: Organization) => org.canAccessSecretsManager;
   protected isAdmin$ = this.route.params.pipe(
-    map(async (params) => (await this.organizationService.get(params.organizationId))?.isAdmin),
+    concatMap(
+      async (params) => (await this.organizationService.get(params.organizationId))?.isAdmin,
+    ),
   );
 
   constructor(
diff --git a/bitwarden_license/bit-web/tsconfig.json b/bitwarden_license/bit-web/tsconfig.json
index 01610c5e4a..0f19c6736a 100644
--- a/bitwarden_license/bit-web/tsconfig.json
+++ b/bitwarden_license/bit-web/tsconfig.json
@@ -11,6 +11,7 @@
       "@bitwarden/vault-export-core": [
         "../../libs/tools/export/vault-export/vault-export-core/src"
       ],
+      "@bitwarden/vault-export-ui": ["../../libs/tools/export/vault-export/vault-export-core/src"],
       "@bitwarden/platform": ["../../libs/platform/src"],
       "@bitwarden/vault": ["../../libs/vault/src"],
       "@bitwarden/web-vault/*": ["../../apps/web/src/*"]
diff --git a/libs/angular/src/admin-console/components/collections.component.ts b/libs/angular/src/admin-console/components/collections.component.ts
index 9c3ce48369..167fe0a97f 100644
--- a/libs/angular/src/admin-console/components/collections.component.ts
+++ b/libs/angular/src/admin-console/components/collections.component.ts
@@ -1,5 +1,7 @@
 import { Directive, EventEmitter, Input, OnInit, Output } from "@angular/core";
 
+import { OrganizationService } from "@bitwarden/common/admin-console/abstractions/organization/organization.service.abstraction";
+import { Organization } from "@bitwarden/common/admin-console/models/domain/organization";
 import { I18nService } from "@bitwarden/common/platform/abstractions/i18n.service";
 import { LogService } from "@bitwarden/common/platform/abstractions/log.service";
 import { PlatformUtilsService } from "@bitwarden/common/platform/abstractions/platform-utils.service";
@@ -19,6 +21,8 @@ export class CollectionsComponent implements OnInit {
   cipher: CipherView;
   collectionIds: string[];
   collections: CollectionView[] = [];
+  organization: Organization;
+  flexibleCollectionsV1Enabled: boolean;
 
   protected cipherDomain: Cipher;
 
@@ -27,6 +31,7 @@ export class CollectionsComponent implements OnInit {
     protected platformUtilsService: PlatformUtilsService,
     protected i18nService: I18nService,
     protected cipherService: CipherService,
+    protected organizationService: OrganizationService,
     private logService: LogService,
   ) {}
 
@@ -48,11 +53,21 @@ export class CollectionsComponent implements OnInit {
         (c as any).checked = this.collectionIds != null && this.collectionIds.indexOf(c.id) > -1;
       });
     }
+
+    if (this.organization == null) {
+      this.organization = await this.organizationService.get(this.cipher.organizationId);
+    }
   }
 
   async submit() {
     const selectedCollectionIds = this.collections
-      .filter((c) => !!(c as any).checked)
+      .filter((c) => {
+        if (this.organization.canEditAllCiphers(this.flexibleCollectionsV1Enabled)) {
+          return !!(c as any).checked;
+        } else {
+          return !!(c as any).checked && c.readOnly == null;
+        }
+      })
       .map((c) => c.id);
     if (!this.allowSelectNone && selectedCollectionIds.length === 0) {
       this.platformUtilsService.showToast(
diff --git a/libs/angular/src/auth/components/base-login-decryption-options.component.ts b/libs/angular/src/auth/components/base-login-decryption-options.component.ts
index 75f6a81b89..8345bb9939 100644
--- a/libs/angular/src/auth/components/base-login-decryption-options.component.ts
+++ b/libs/angular/src/auth/components/base-login-decryption-options.component.ts
@@ -14,12 +14,17 @@ import {
   throwError,
 } from "rxjs";
 
+import {
+  LoginEmailServiceAbstraction,
+  UserDecryptionOptions,
+  UserDecryptionOptionsServiceAbstraction,
+} from "@bitwarden/auth/common";
 import { ApiService } from "@bitwarden/common/abstractions/api.service";
 import { OrganizationApiServiceAbstraction } from "@bitwarden/common/admin-console/abstractions/organization/organization-api.service.abstraction";
 import { OrganizationUserService } from "@bitwarden/common/admin-console/abstractions/organization-user/organization-user.service";
+import { AccountService } from "@bitwarden/common/auth/abstractions/account.service";
 import { DeviceTrustCryptoServiceAbstraction } from "@bitwarden/common/auth/abstractions/device-trust-crypto.service.abstraction";
 import { DevicesServiceAbstraction } from "@bitwarden/common/auth/abstractions/devices/devices.service.abstraction";
-import { LoginService } from "@bitwarden/common/auth/abstractions/login.service";
 import { PasswordResetEnrollmentServiceAbstraction } from "@bitwarden/common/auth/abstractions/password-reset-enrollment.service.abstraction";
 import { SsoLoginServiceAbstraction } from "@bitwarden/common/auth/abstractions/sso-login.service.abstraction";
 import { TokenService } from "@bitwarden/common/auth/abstractions/token.service";
@@ -30,7 +35,7 @@ import { MessagingService } from "@bitwarden/common/platform/abstractions/messag
 import { PlatformUtilsService } from "@bitwarden/common/platform/abstractions/platform-utils.service";
 import { StateService } from "@bitwarden/common/platform/abstractions/state.service";
 import { ValidationService } from "@bitwarden/common/platform/abstractions/validation.service";
-import { AccountDecryptionOptions } from "@bitwarden/common/platform/models/domain/account";
+import { UserId } from "@bitwarden/common/types/guid";
 
 enum State {
   NewUser,
@@ -62,6 +67,8 @@ export class BaseLoginDecryptionOptionsComponent implements OnInit, OnDestroy {
   protected data?: Data;
   protected loading = true;
 
+  activeAccountId: UserId;
+
   // Remember device means for the user to trust the device
   rememberDeviceForm = this.formBuilder.group({
     rememberDevice: [true],
@@ -79,7 +86,7 @@ export class BaseLoginDecryptionOptionsComponent implements OnInit, OnDestroy {
     protected activatedRoute: ActivatedRoute,
     protected messagingService: MessagingService,
     protected tokenService: TokenService,
-    protected loginService: LoginService,
+    protected loginEmailService: LoginEmailServiceAbstraction,
     protected organizationApiService: OrganizationApiServiceAbstraction,
     protected cryptoService: CryptoService,
     protected organizationUserService: OrganizationUserService,
@@ -88,12 +95,15 @@ export class BaseLoginDecryptionOptionsComponent implements OnInit, OnDestroy {
     protected validationService: ValidationService,
     protected deviceTrustCryptoService: DeviceTrustCryptoServiceAbstraction,
     protected platformUtilsService: PlatformUtilsService,
+    protected userDecryptionOptionsService: UserDecryptionOptionsServiceAbstraction,
     protected passwordResetEnrollmentService: PasswordResetEnrollmentServiceAbstraction,
     protected ssoLoginService: SsoLoginServiceAbstraction,
+    protected accountService: AccountService,
   ) {}
 
   async ngOnInit() {
     this.loading = true;
+    this.activeAccountId = (await firstValueFrom(this.accountService.activeAccount$))?.id;
 
     this.setupRememberDeviceValueChanges();
 
@@ -101,14 +111,15 @@ export class BaseLoginDecryptionOptionsComponent implements OnInit, OnDestroy {
     await this.setRememberDeviceDefaultValue();
 
     try {
-      const accountDecryptionOptions: AccountDecryptionOptions =
-        await this.stateService.getAccountDecryptionOptions();
+      const userDecryptionOptions = await firstValueFrom(
+        this.userDecryptionOptionsService.userDecryptionOptions$,
+      );
 
       // see sso-login.strategy - to determine if a user is new or not it just checks if there is a key on the token response..
       // can we check if they have a user key or master key in crypto service? Would that be sufficient?
       if (
-        !accountDecryptionOptions?.trustedDeviceOption?.hasAdminApproval &&
-        !accountDecryptionOptions?.hasMasterPassword
+        !userDecryptionOptions?.trustedDeviceOption?.hasAdminApproval &&
+        !userDecryptionOptions?.hasMasterPassword
       ) {
         // We are dealing with a new account if:
         //  - User does not have admin approval (i.e. has not enrolled into admin reset)
@@ -118,7 +129,7 @@ export class BaseLoginDecryptionOptionsComponent implements OnInit, OnDestroy {
         // eslint-disable-next-line @typescript-eslint/no-floating-promises
         this.loadNewUserData();
       } else {
-        this.loadUntrustedDeviceData(accountDecryptionOptions);
+        this.loadUntrustedDeviceData(userDecryptionOptions);
       }
 
       // Note: this is probably not a comprehensive write up of all scenarios:
@@ -145,7 +156,9 @@ export class BaseLoginDecryptionOptionsComponent implements OnInit, OnDestroy {
   }
 
   private async setRememberDeviceDefaultValue() {
-    const rememberDeviceFromState = await this.deviceTrustCryptoService.getShouldTrustDevice();
+    const rememberDeviceFromState = await this.deviceTrustCryptoService.getShouldTrustDevice(
+      this.activeAccountId,
+    );
 
     const rememberDevice = rememberDeviceFromState ?? true;
 
@@ -156,7 +169,9 @@ export class BaseLoginDecryptionOptionsComponent implements OnInit, OnDestroy {
     this.rememberDevice.valueChanges
       .pipe(
         switchMap((value) =>
-          defer(() => this.deviceTrustCryptoService.setShouldTrustDevice(value)),
+          defer(() =>
+            this.deviceTrustCryptoService.setShouldTrustDevice(this.activeAccountId, value),
+          ),
         ),
         takeUntil(this.destroy$),
       )
@@ -195,7 +210,7 @@ export class BaseLoginDecryptionOptionsComponent implements OnInit, OnDestroy {
     this.loading = false;
   }
 
-  loadUntrustedDeviceData(accountDecryptionOptions: AccountDecryptionOptions) {
+  loadUntrustedDeviceData(userDecryptionOptions: UserDecryptionOptions) {
     this.loading = true;
 
     const email$ = from(this.stateService.getEmail()).pipe(
@@ -215,13 +230,12 @@ export class BaseLoginDecryptionOptionsComponent implements OnInit, OnDestroy {
       )
       .subscribe((email) => {
         const showApproveFromOtherDeviceBtn =
-          accountDecryptionOptions?.trustedDeviceOption?.hasLoginApprovingDevice || false;
+          userDecryptionOptions?.trustedDeviceOption?.hasLoginApprovingDevice || false;
 
         const showReqAdminApprovalBtn =
-          !!accountDecryptionOptions?.trustedDeviceOption?.hasAdminApproval || false;
+          !!userDecryptionOptions?.trustedDeviceOption?.hasAdminApproval || false;
 
-        const showApproveWithMasterPasswordBtn =
-          accountDecryptionOptions?.hasMasterPassword || false;
+        const showApproveWithMasterPasswordBtn = userDecryptionOptions?.hasMasterPassword || false;
 
         const userEmail = email;
 
@@ -240,23 +254,17 @@ export class BaseLoginDecryptionOptionsComponent implements OnInit, OnDestroy {
       return;
     }
 
-    this.loginService.setEmail(this.data.userEmail);
-    // FIXME: Verify that this floating promise is intentional. If it is, add an explanatory comment and ensure there is proper error handling.
-    // eslint-disable-next-line @typescript-eslint/no-floating-promises
-    this.router.navigate(["/login-with-device"]);
+    this.loginEmailService.setEmail(this.data.userEmail);
+    await this.router.navigate(["/login-with-device"]);
   }
 
   async requestAdminApproval() {
-    this.loginService.setEmail(this.data.userEmail);
-    // FIXME: Verify that this floating promise is intentional. If it is, add an explanatory comment and ensure there is proper error handling.
-    // eslint-disable-next-line @typescript-eslint/no-floating-promises
-    this.router.navigate(["/admin-approval-requested"]);
+    this.loginEmailService.setEmail(this.data.userEmail);
+    await this.router.navigate(["/admin-approval-requested"]);
   }
 
   async approveWithMasterPassword() {
-    // FIXME: Verify that this floating promise is intentional. If it is, add an explanatory comment and ensure there is proper error handling.
-    // eslint-disable-next-line @typescript-eslint/no-floating-promises
-    this.router.navigate(["/lock"], { queryParams: { from: "login-initiated" } });
+    await this.router.navigate(["/lock"], { queryParams: { from: "login-initiated" } });
   }
 
   async createUser() {
@@ -280,7 +288,7 @@ export class BaseLoginDecryptionOptionsComponent implements OnInit, OnDestroy {
       await this.passwordResetEnrollmentService.enroll(this.data.organizationId);
 
       if (this.rememberDeviceForm.value.rememberDevice) {
-        await this.deviceTrustCryptoService.trustDevice();
+        await this.deviceTrustCryptoService.trustDevice(this.activeAccountId);
       }
     } catch (error) {
       this.validationService.showError(error);
diff --git a/libs/angular/src/auth/components/captcha-protected.component.ts b/libs/angular/src/auth/components/captcha-protected.component.ts
index 7a48b8f2e5..0f549d2498 100644
--- a/libs/angular/src/auth/components/captcha-protected.component.ts
+++ b/libs/angular/src/auth/components/captcha-protected.component.ts
@@ -1,4 +1,5 @@
 import { Directive, Input } from "@angular/core";
+import { firstValueFrom } from "rxjs";
 
 import { CaptchaIFrame } from "@bitwarden/common/auth/captcha-iframe";
 import { EnvironmentService } from "@bitwarden/common/platform/abstractions/environment.service";
@@ -19,7 +20,8 @@ export abstract class CaptchaProtectedComponent {
   ) {}
 
   async setupCaptcha() {
-    const webVaultUrl = this.environmentService.getWebVaultUrl();
+    const env = await firstValueFrom(this.environmentService.environment$);
+    const webVaultUrl = env.getWebVaultUrl();
 
     this.captcha = new CaptchaIFrame(
       window,
diff --git a/libs/angular/src/auth/components/environment-selector.component.html b/libs/angular/src/auth/components/environment-selector.component.html
index 8ee8a4d578..8ad0602385 100644
--- a/libs/angular/src/auth/components/environment-selector.component.html
+++ b/libs/angular/src/auth/components/environment-selector.component.html
@@ -7,17 +7,15 @@
     #trigger="cdkOverlayOrigin"
     aria-haspopup="dialog"
     aria-controls="cdk-overlay-container"
-    [ngSwitch]="selectedEnvironment"
   >
-    <span *ngSwitchCase="ServerEnvironmentType.US" class="text-primary">{{
-      "usDomain" | i18n
-    }}</span>
-    <span *ngSwitchCase="ServerEnvironmentType.EU" class="text-primary">{{
-      "euDomain" | i18n
-    }}</span>
-    <span *ngSwitchCase="ServerEnvironmentType.SelfHosted" class="text-primary">{{
-      "selfHostedServer" | i18n
-    }}</span>
+    <span class="text-primary">
+      <ng-container *ngIf="selectedRegion$ | async as selectedRegion; else fallback">
+        {{ selectedRegion.domain }}
+      </ng-container>
+      <ng-template #fallback>
+        {{ "selfHostedServer" | i18n }}
+      </ng-template>
+    </span>
     <i class="bwi bwi-fw bwi-sm bwi-angle-down" aria-hidden="true"></i>
   </button>
 </div>
@@ -41,40 +39,23 @@
       role="dialog"
       aria-modal="true"
     >
-      <button
-        type="button"
-        class="environment-selector-dialog-item"
-        (click)="toggle(ServerEnvironmentType.US)"
-        [attr.aria-pressed]="selectedEnvironment === ServerEnvironmentType.US ? 'true' : 'false'"
-      >
-        <i
-          class="bwi bwi-fw bwi-sm bwi-check"
-          style="padding-bottom: 1px"
-          aria-hidden="true"
-          [style.visibility]="
-            selectedEnvironment === ServerEnvironmentType.US ? 'visible' : 'hidden'
-          "
-        ></i>
-        <span>{{ "usDomain" | i18n }}</span>
-      </button>
-      <br />
-      <button
-        type="button"
-        class="environment-selector-dialog-item"
-        (click)="toggle(ServerEnvironmentType.EU)"
-        [attr.aria-pressed]="selectedEnvironment === ServerEnvironmentType.EU ? 'true' : 'false'"
-      >
-        <i
-          class="bwi bwi-fw bwi-sm bwi-check"
-          style="padding-bottom: 1px"
-          aria-hidden="true"
-          [style.visibility]="
-            selectedEnvironment === ServerEnvironmentType.EU ? 'visible' : 'hidden'
-          "
-        ></i>
-        <span>{{ "euDomain" | i18n }}</span>
-      </button>
-      <br />
+      <ng-container *ngFor="let region of availableRegions">
+        <button
+          type="button"
+          class="environment-selector-dialog-item"
+          (click)="toggle(region.key)"
+          [attr.aria-pressed]="selectedEnvironment === region.key ? 'true' : 'false'"
+        >
+          <i
+            class="bwi bwi-fw bwi-sm bwi-check"
+            style="padding-bottom: 1px"
+            aria-hidden="true"
+            [style.visibility]="selectedEnvironment === region.key ? 'visible' : 'hidden'"
+          ></i>
+          <span>{{ region.domain }}</span>
+        </button>
+        <br />
+      </ng-container>
       <button
         type="button"
         class="environment-selector-dialog-item"
diff --git a/libs/angular/src/auth/components/environment-selector.component.ts b/libs/angular/src/auth/components/environment-selector.component.ts
index 80cc058180..838667e080 100644
--- a/libs/angular/src/auth/components/environment-selector.component.ts
+++ b/libs/angular/src/auth/components/environment-selector.component.ts
@@ -1,13 +1,13 @@
 import { animate, state, style, transition, trigger } from "@angular/animations";
 import { ConnectedPosition } from "@angular/cdk/overlay";
-import { Component, EventEmitter, OnDestroy, OnInit, Output } from "@angular/core";
+import { Component, EventEmitter, Output } from "@angular/core";
 import { Router } from "@angular/router";
-import { Subject, takeUntil } from "rxjs";
+import { Observable, map } from "rxjs";
 
-import { ConfigServiceAbstraction } from "@bitwarden/common/platform/abstractions/config/config.service.abstraction";
 import {
-  EnvironmentService as EnvironmentServiceAbstraction,
+  EnvironmentService,
   Region,
+  RegionConfig,
 } from "@bitwarden/common/platform/abstractions/environment.service";
 
 @Component({
@@ -34,7 +34,7 @@ import {
     ]),
   ],
 })
-export class EnvironmentSelectorComponent implements OnInit, OnDestroy {
+export class EnvironmentSelectorComponent {
   @Output() onOpenSelfHostedSettings = new EventEmitter();
   isOpen = false;
   showingModal = false;
@@ -48,59 +48,34 @@ export class EnvironmentSelectorComponent implements OnInit, OnDestroy {
       overlayY: "top",
     },
   ];
-  protected componentDestroyed$: Subject<void> = new Subject();
+
+  protected availableRegions = this.environmentService.availableRegions();
+  protected selectedRegion$: Observable<RegionConfig | undefined> =
+    this.environmentService.environment$.pipe(
+      map((e) => e.getRegion()),
+      map((r) => this.availableRegions.find((ar) => ar.key === r)),
+    );
 
   constructor(
-    protected environmentService: EnvironmentServiceAbstraction,
-    protected configService: ConfigServiceAbstraction,
+    protected environmentService: EnvironmentService,
     protected router: Router,
   ) {}
 
-  async ngOnInit() {
-    this.configService.serverConfig$.pipe(takeUntil(this.componentDestroyed$)).subscribe(() => {
-      // FIXME: Verify that this floating promise is intentional. If it is, add an explanatory comment and ensure there is proper error handling.
-      // eslint-disable-next-line @typescript-eslint/no-floating-promises
-      this.updateEnvironmentInfo();
-    });
-    // FIXME: Verify that this floating promise is intentional. If it is, add an explanatory comment and ensure there is proper error handling.
-    // eslint-disable-next-line @typescript-eslint/no-floating-promises
-    this.updateEnvironmentInfo();
-  }
-
-  ngOnDestroy(): void {
-    this.componentDestroyed$.next();
-    this.componentDestroyed$.complete();
-  }
-
   async toggle(option: Region) {
     this.isOpen = !this.isOpen;
     if (option === null) {
       return;
     }
 
-    // FIXME: Verify that this floating promise is intentional. If it is, add an explanatory comment and ensure there is proper error handling.
-    // eslint-disable-next-line @typescript-eslint/no-floating-promises
-    this.updateEnvironmentInfo();
-
     if (option === Region.SelfHosted) {
       this.onOpenSelfHostedSettings.emit();
       return;
     }
 
-    await this.environmentService.setRegion(option);
-    // FIXME: Verify that this floating promise is intentional. If it is, add an explanatory comment and ensure there is proper error handling.
-    // eslint-disable-next-line @typescript-eslint/no-floating-promises
-    this.updateEnvironmentInfo();
-  }
-
-  async updateEnvironmentInfo() {
-    this.selectedEnvironment = this.environmentService.selectedRegion;
+    await this.environmentService.setEnvironment(option);
   }
 
   close() {
     this.isOpen = false;
-    // FIXME: Verify that this floating promise is intentional. If it is, add an explanatory comment and ensure there is proper error handling.
-    // eslint-disable-next-line @typescript-eslint/no-floating-promises
-    this.updateEnvironmentInfo();
   }
 }
diff --git a/libs/angular/src/auth/components/environment.component.ts b/libs/angular/src/auth/components/environment.component.ts
index bb050ed44d..a58d5e5082 100644
--- a/libs/angular/src/auth/components/environment.component.ts
+++ b/libs/angular/src/auth/components/environment.component.ts
@@ -1,4 +1,5 @@
 import { Directive, EventEmitter, Output } from "@angular/core";
+import { takeUntilDestroyed } from "@angular/core/rxjs-interop";
 
 import {
   EnvironmentService,
@@ -27,21 +28,29 @@ export class EnvironmentComponent {
     protected i18nService: I18nService,
     private modalService: ModalService,
   ) {
-    const urls = this.environmentService.getUrls();
-    if (this.environmentService.selectedRegion != Region.SelfHosted) {
-      return;
-    }
+    this.environmentService.environment$.pipe(takeUntilDestroyed()).subscribe((env) => {
+      if (env.getRegion() !== Region.SelfHosted) {
+        this.baseUrl = "";
+        this.webVaultUrl = "";
+        this.apiUrl = "";
+        this.identityUrl = "";
+        this.iconsUrl = "";
+        this.notificationsUrl = "";
+        return;
+      }
 
-    this.baseUrl = urls.base || "";
-    this.webVaultUrl = urls.webVault || "";
-    this.apiUrl = urls.api || "";
-    this.identityUrl = urls.identity || "";
-    this.iconsUrl = urls.icons || "";
-    this.notificationsUrl = urls.notifications || "";
+      const urls = env.getUrls();
+      this.baseUrl = urls.base || "";
+      this.webVaultUrl = urls.webVault || "";
+      this.apiUrl = urls.api || "";
+      this.identityUrl = urls.identity || "";
+      this.iconsUrl = urls.icons || "";
+      this.notificationsUrl = urls.notifications || "";
+    });
   }
 
   async submit() {
-    const resUrls = await this.environmentService.setUrls({
+    await this.environmentService.setEnvironment(Region.SelfHosted, {
       base: this.baseUrl,
       api: this.apiUrl,
       identity: this.identityUrl,
@@ -50,14 +59,6 @@ export class EnvironmentComponent {
       notifications: this.notificationsUrl,
     });
 
-    // re-set urls since service can change them, ex: prefixing https://
-    this.baseUrl = resUrls.base;
-    this.apiUrl = resUrls.api;
-    this.identityUrl = resUrls.identity;
-    this.webVaultUrl = resUrls.webVault;
-    this.iconsUrl = resUrls.icons;
-    this.notificationsUrl = resUrls.notifications;
-
     this.platformUtilsService.showToast("success", null, this.i18nService.t("environmentSaved"));
     this.saved();
   }
diff --git a/libs/angular/src/auth/components/hint.component.ts b/libs/angular/src/auth/components/hint.component.ts
index 54edc5b8fa..484604b6a5 100644
--- a/libs/angular/src/auth/components/hint.component.ts
+++ b/libs/angular/src/auth/components/hint.component.ts
@@ -1,8 +1,8 @@
 import { Directive, OnInit } from "@angular/core";
 import { Router } from "@angular/router";
 
+import { LoginEmailServiceAbstraction } from "@bitwarden/auth/common";
 import { ApiService } from "@bitwarden/common/abstractions/api.service";
-import { LoginService } from "@bitwarden/common/auth/abstractions/login.service";
 import { PasswordHintRequest } from "@bitwarden/common/auth/models/request/password-hint.request";
 import { I18nService } from "@bitwarden/common/platform/abstractions/i18n.service";
 import { LogService } from "@bitwarden/common/platform/abstractions/log.service";
@@ -22,11 +22,11 @@ export class HintComponent implements OnInit {
     protected apiService: ApiService,
     protected platformUtilsService: PlatformUtilsService,
     private logService: LogService,
-    private loginService: LoginService,
+    private loginEmailService: LoginEmailServiceAbstraction,
   ) {}
 
   ngOnInit(): void {
-    this.email = this.loginService.getEmail() ?? "";
+    this.email = this.loginEmailService.getEmail() ?? "";
   }
 
   async submit() {
diff --git a/libs/angular/src/auth/components/lock.component.ts b/libs/angular/src/auth/components/lock.component.ts
index d5da3e826e..aa3b801ded 100644
--- a/libs/angular/src/auth/components/lock.component.ts
+++ b/libs/angular/src/auth/components/lock.component.ts
@@ -10,6 +10,7 @@ import { VaultTimeoutService } from "@bitwarden/common/abstractions/vault-timeou
 import { PolicyApiServiceAbstraction } from "@bitwarden/common/admin-console/abstractions/policy/policy-api.service.abstraction";
 import { InternalPolicyService } from "@bitwarden/common/admin-console/abstractions/policy/policy.service.abstraction";
 import { MasterPasswordPolicyOptions } from "@bitwarden/common/admin-console/models/domain/master-password-policy-options";
+import { AccountService } from "@bitwarden/common/auth/abstractions/account.service";
 import { DeviceTrustCryptoServiceAbstraction } from "@bitwarden/common/auth/abstractions/device-trust-crypto.service.abstraction";
 import { UserVerificationService } from "@bitwarden/common/auth/abstractions/user-verification/user-verification.service.abstraction";
 import { ForceSetPasswordReason } from "@bitwarden/common/auth/models/domain/force-set-password-reason";
@@ -75,6 +76,7 @@ export class LockComponent implements OnInit, OnDestroy {
     protected userVerificationService: UserVerificationService,
     protected pinCryptoService: PinCryptoServiceAbstraction,
     protected biometricStateService: BiometricStateService,
+    protected accountService: AccountService,
   ) {}
 
   async ngOnInit() {
@@ -119,7 +121,7 @@ export class LockComponent implements OnInit, OnDestroy {
       return;
     }
 
-    await this.biometricStateService.setPromptCancelled();
+    await this.biometricStateService.setUserPromptCancelled();
     const userKey = await this.cryptoService.getUserKeyFromStorage(KeySuffixOptions.Biometric);
 
     if (userKey) {
@@ -269,14 +271,15 @@ export class LockComponent implements OnInit, OnDestroy {
 
     // Now that we have a decrypted user key in memory, we can check if we
     // need to establish trust on the current device
-    await this.deviceTrustCryptoService.trustDeviceIfRequired();
+    const activeAccount = await firstValueFrom(this.accountService.activeAccount$);
+    await this.deviceTrustCryptoService.trustDeviceIfRequired(activeAccount.id);
 
     await this.doContinue(evaluatePasswordAfterUnlock);
   }
 
   private async doContinue(evaluatePasswordAfterUnlock: boolean) {
     await this.stateService.setEverBeenUnlocked(true);
-    await this.biometricStateService.resetPromptCancelled();
+    await this.biometricStateService.resetUserPromptCancelled();
     this.messagingService.send("unlocked");
 
     if (evaluatePasswordAfterUnlock) {
@@ -346,7 +349,7 @@ export class LockComponent implements OnInit, OnDestroy {
         !this.platformUtilsService.supportsSecureStorage());
     this.email = await this.stateService.getEmail();
 
-    this.webVaultHostname = await this.environmentService.getHost();
+    this.webVaultHostname = (await this.environmentService.getEnvironment()).getHostname();
   }
 
   /**
diff --git a/libs/angular/src/auth/components/login-via-auth-request.component.ts b/libs/angular/src/auth/components/login-via-auth-request.component.ts
index 45d7f563f7..6ba94d3001 100644
--- a/libs/angular/src/auth/components/login-via-auth-request.component.ts
+++ b/libs/angular/src/auth/components/login-via-auth-request.component.ts
@@ -1,17 +1,18 @@
 import { Directive, OnDestroy, OnInit } from "@angular/core";
 import { IsActiveMatchOptions, Router } from "@angular/router";
-import { Subject, takeUntil } from "rxjs";
+import { Subject, firstValueFrom, takeUntil } from "rxjs";
 
 import {
   AuthRequestLoginCredentials,
   AuthRequestServiceAbstraction,
   LoginStrategyServiceAbstraction,
+  LoginEmailServiceAbstraction,
 } from "@bitwarden/auth/common";
 import { ApiService } from "@bitwarden/common/abstractions/api.service";
+import { AccountService } from "@bitwarden/common/auth/abstractions/account.service";
 import { AnonymousHubService } from "@bitwarden/common/auth/abstractions/anonymous-hub.service";
 import { AuthService } from "@bitwarden/common/auth/abstractions/auth.service";
 import { DeviceTrustCryptoServiceAbstraction } from "@bitwarden/common/auth/abstractions/device-trust-crypto.service.abstraction";
-import { LoginService } from "@bitwarden/common/auth/abstractions/login.service";
 import { AuthRequestType } from "@bitwarden/common/auth/enums/auth-request-type";
 import { AuthenticationStatus } from "@bitwarden/common/auth/enums/authentication-status";
 import { AdminAuthRequestStorable } from "@bitwarden/common/auth/models/domain/admin-auth-req-storable";
@@ -68,7 +69,6 @@ export class LoginViaAuthRequestComponent
 
   private authRequestKeyPair: { publicKey: Uint8Array; privateKey: Uint8Array };
 
-  // TODO: in future, go to child components and remove child constructors and let deps fall through to the super class
   constructor(
     protected router: Router,
     private cryptoService: CryptoService,
@@ -84,10 +84,11 @@ export class LoginViaAuthRequestComponent
     private anonymousHubService: AnonymousHubService,
     private validationService: ValidationService,
     private stateService: StateService,
-    private loginService: LoginService,
+    private loginEmailService: LoginEmailServiceAbstraction,
     private deviceTrustCryptoService: DeviceTrustCryptoServiceAbstraction,
     private authRequestService: AuthRequestServiceAbstraction,
     private loginStrategyService: LoginStrategyServiceAbstraction,
+    private accountService: AccountService,
   ) {
     super(environmentService, i18nService, platformUtilsService);
 
@@ -95,17 +96,19 @@ export class LoginViaAuthRequestComponent
     // Why would the existence of the email depend on the navigation?
     const navigation = this.router.getCurrentNavigation();
     if (navigation) {
-      this.email = this.loginService.getEmail();
+      this.email = this.loginEmailService.getEmail();
     }
 
-    //gets signalR push notification
-    this.loginStrategyService.authRequestPushNotification$
+    // Gets signalR push notification
+    // Only fires on approval to prevent enumeration
+    this.authRequestService.authRequestPushNotification$
       .pipe(takeUntil(this.destroy$))
       .subscribe((id) => {
-        // Only fires on approval currently
-        // FIXME: Verify that this floating promise is intentional. If it is, add an explanatory comment and ensure there is proper error handling.
         // eslint-disable-next-line @typescript-eslint/no-floating-promises
-        this.verifyAndHandleApprovedAuthReq(id);
+        this.verifyAndHandleApprovedAuthReq(id).catch((e: Error) => {
+          this.platformUtilsService.showToast("error", this.i18nService.t("error"), e.message);
+          this.logService.error("Failed to use approved auth request: " + e.message);
+        });
       });
   }
 
@@ -150,7 +153,7 @@ export class LoginViaAuthRequestComponent
     } else {
       // Standard auth request
       // TODO: evaluate if we can remove the setting of this.email in the constructor
-      this.email = this.loginService.getEmail();
+      this.email = this.loginEmailService.getEmail();
 
       if (!this.email) {
         this.platformUtilsService.showToast("error", null, this.i18nService.t("userEmailMissing"));
@@ -164,10 +167,10 @@ export class LoginViaAuthRequestComponent
     }
   }
 
-  ngOnDestroy(): void {
+  async ngOnDestroy() {
+    await this.anonymousHubService.stopHubConnection();
     this.destroy$.next();
     this.destroy$.complete();
-    this.anonymousHubService.stopHubConnection();
   }
 
   private async handleExistingAdminAuthRequest(adminAuthReqStorable: AdminAuthRequestStorable) {
@@ -213,7 +216,7 @@ export class LoginViaAuthRequestComponent
 
     // Request still pending response from admin
     // So, create hub connection so that any approvals will be received via push notification
-    this.anonymousHubService.createHubConnection(adminAuthReqStorable.id);
+    await this.anonymousHubService.createHubConnection(adminAuthReqStorable.id);
   }
 
   private async handleExistingAdminAuthReqDeletedOrDenied() {
@@ -273,7 +276,7 @@ export class LoginViaAuthRequestComponent
       }
 
       if (reqResponse.id) {
-        this.anonymousHubService.createHubConnection(reqResponse.id);
+        await this.anonymousHubService.createHubConnection(reqResponse.id);
       }
     } catch (e) {
       this.logService.error(e);
@@ -387,7 +390,8 @@ export class LoginViaAuthRequestComponent
 
     // Now that we have a decrypted user key in memory, we can check if we
     // need to establish trust on the current device
-    await this.deviceTrustCryptoService.trustDeviceIfRequired();
+    const activeAccount = await firstValueFrom(this.accountService.activeAccount$);
+    await this.deviceTrustCryptoService.trustDeviceIfRequired(activeAccount.id);
 
     // TODO: don't forget to use auto enrollment service everywhere we trust device
 
@@ -471,17 +475,10 @@ export class LoginViaAuthRequestComponent
     }
   }
 
-  async setRememberEmailValues() {
-    const rememberEmail = this.loginService.getRememberEmail();
-    const rememberedEmail = this.loginService.getEmail();
-    await this.stateService.setRememberedEmail(rememberEmail ? rememberedEmail : null);
-    this.loginService.clearValues();
-  }
-
   private async handleSuccessfulLoginNavigation() {
     if (this.state === State.StandardAuthRequest) {
       // Only need to set remembered email on standard login with auth req flow
-      await this.setRememberEmailValues();
+      await this.loginEmailService.saveEmailSettings();
     }
 
     if (this.onSuccessfulLogin != null) {
diff --git a/libs/angular/src/auth/components/login.component.ts b/libs/angular/src/auth/components/login.component.ts
index 0ed1fd1dfe..bcdf747406 100644
--- a/libs/angular/src/auth/components/login.component.ts
+++ b/libs/angular/src/auth/components/login.component.ts
@@ -1,12 +1,15 @@
 import { Directive, ElementRef, NgZone, OnDestroy, OnInit, ViewChild } from "@angular/core";
 import { FormBuilder, Validators } from "@angular/forms";
 import { ActivatedRoute, Router } from "@angular/router";
-import { Subject } from "rxjs";
+import { Subject, firstValueFrom } from "rxjs";
 import { take, takeUntil } from "rxjs/operators";
 
-import { LoginStrategyServiceAbstraction, PasswordLoginCredentials } from "@bitwarden/auth/common";
+import {
+  LoginStrategyServiceAbstraction,
+  LoginEmailServiceAbstraction,
+  PasswordLoginCredentials,
+} from "@bitwarden/auth/common";
 import { DevicesApiServiceAbstraction } from "@bitwarden/common/auth/abstractions/devices-api.service.abstraction";
-import { LoginService } from "@bitwarden/common/auth/abstractions/login.service";
 import { SsoLoginServiceAbstraction } from "@bitwarden/common/auth/abstractions/sso-login.service.abstraction";
 import { WebAuthnLoginServiceAbstraction } from "@bitwarden/common/auth/abstractions/webauthn/webauthn-login.service.abstraction";
 import { AuthResult } from "@bitwarden/common/auth/models/domain/auth-result";
@@ -77,17 +80,13 @@ export class LoginComponent extends CaptchaProtectedComponent implements OnInit,
     protected formBuilder: FormBuilder,
     protected formValidationErrorService: FormValidationErrorsService,
     protected route: ActivatedRoute,
-    protected loginService: LoginService,
+    protected loginEmailService: LoginEmailServiceAbstraction,
     protected ssoLoginService: SsoLoginServiceAbstraction,
     protected webAuthnLoginService: WebAuthnLoginServiceAbstraction,
   ) {
     super(environmentService, i18nService, platformUtilsService);
   }
 
-  get selfHostedDomain() {
-    return this.environmentService.hasBaseUrl() ? this.environmentService.getWebVaultUrl() : null;
-  }
-
   async ngOnInit() {
     this.route?.queryParams.pipe(takeUntil(this.destroy$)).subscribe((params) => {
       if (!params) {
@@ -97,25 +96,23 @@ export class LoginComponent extends CaptchaProtectedComponent implements OnInit,
       const queryParamsEmail = params.email;
 
       if (queryParamsEmail != null && queryParamsEmail.indexOf("@") > -1) {
-        this.formGroup.get("email").setValue(queryParamsEmail);
-        this.loginService.setEmail(queryParamsEmail);
+        this.formGroup.controls.email.setValue(queryParamsEmail);
         this.paramEmailSet = true;
       }
     });
-    let email = this.loginService.getEmail();
-
-    if (email == null || email === "") {
-      email = await this.stateService.getRememberedEmail();
-    }
 
     if (!this.paramEmailSet) {
-      this.formGroup.get("email")?.setValue(email ?? "");
+      const storedEmail = await firstValueFrom(this.loginEmailService.storedEmail$);
+      this.formGroup.controls.email.setValue(storedEmail ?? "");
     }
-    let rememberEmail = this.loginService.getRememberEmail();
+
+    let rememberEmail = this.loginEmailService.getRememberEmail();
+
     if (rememberEmail == null) {
-      rememberEmail = (await this.stateService.getRememberedEmail()) != null;
+      rememberEmail = (await firstValueFrom(this.loginEmailService.storedEmail$)) != null;
     }
-    this.formGroup.get("rememberEmail")?.setValue(rememberEmail);
+
+    this.formGroup.controls.rememberEmail.setValue(rememberEmail);
   }
 
   ngOnDestroy() {
@@ -152,8 +149,10 @@ export class LoginComponent extends CaptchaProtectedComponent implements OnInit,
 
       this.formPromise = this.loginStrategyService.logIn(credentials);
       const response = await this.formPromise;
-      this.setFormValues();
-      await this.loginService.saveEmailSettings();
+
+      this.setLoginEmailValues();
+      await this.loginEmailService.saveEmailSettings();
+
       if (this.handleCaptchaRequired(response)) {
         return;
       } else if (this.handleMigrateEncryptionKey(response)) {
@@ -218,7 +217,7 @@ export class LoginComponent extends CaptchaProtectedComponent implements OnInit,
       return;
     }
 
-    this.setFormValues();
+    this.setLoginEmailValues();
     // FIXME: Verify that this floating promise is intentional. If it is, add an explanatory comment and ensure there is proper error handling.
     // eslint-disable-next-line @typescript-eslint/no-floating-promises
     this.router.navigate(["/login-with-device"]);
@@ -245,7 +244,8 @@ export class LoginComponent extends CaptchaProtectedComponent implements OnInit,
     await this.ssoLoginService.setCodeVerifier(ssoCodeVerifier);
 
     // Build URI
-    const webUrl = this.environmentService.getWebVaultUrl();
+    const env = await firstValueFrom(this.environmentService.environment$);
+    const webUrl = env.getWebVaultUrl();
 
     // Launch browser
     this.platformUtilsService.launchUri(
@@ -295,14 +295,14 @@ export class LoginComponent extends CaptchaProtectedComponent implements OnInit,
     }
   }
 
-  setFormValues() {
-    this.loginService.setEmail(this.formGroup.value.email);
-    this.loginService.setRememberEmail(this.formGroup.value.rememberEmail);
+  setLoginEmailValues() {
+    this.loginEmailService.setEmail(this.formGroup.value.email);
+    this.loginEmailService.setRememberEmail(this.formGroup.value.rememberEmail);
   }
 
   async saveEmailSettings() {
-    this.setFormValues();
-    await this.loginService.saveEmailSettings();
+    this.setLoginEmailValues();
+    await this.loginEmailService.saveEmailSettings();
 
     // Save off email for SSO
     await this.ssoLoginService.setSsoEmail(this.formGroup.value.email);
diff --git a/libs/angular/src/auth/components/set-password.component.ts b/libs/angular/src/auth/components/set-password.component.ts
index 573c8ad3dd..a7442f711b 100644
--- a/libs/angular/src/auth/components/set-password.component.ts
+++ b/libs/angular/src/auth/components/set-password.component.ts
@@ -1,8 +1,9 @@
 import { Directive } from "@angular/core";
 import { ActivatedRoute, Router } from "@angular/router";
-import { of } from "rxjs";
+import { firstValueFrom, of } from "rxjs";
 import { filter, first, switchMap, tap } from "rxjs/operators";
 
+import { InternalUserDecryptionOptionsServiceAbstraction } from "@bitwarden/auth/common";
 import { ApiService } from "@bitwarden/common/abstractions/api.service";
 import { OrganizationApiServiceAbstraction } from "@bitwarden/common/admin-console/abstractions/organization/organization-api.service.abstraction";
 import { OrganizationUserService } from "@bitwarden/common/admin-console/abstractions/organization-user/organization-user.service";
@@ -26,7 +27,6 @@ import {
   DEFAULT_KDF_CONFIG,
 } from "@bitwarden/common/platform/enums";
 import { Utils } from "@bitwarden/common/platform/misc/utils";
-import { AccountDecryptionOptions } from "@bitwarden/common/platform/models/domain/account";
 import { EncString } from "@bitwarden/common/platform/models/domain/enc-string";
 import { PasswordGenerationServiceAbstraction } from "@bitwarden/common/tools/generator/password";
 import { MasterKey, UserKey } from "@bitwarden/common/types/key";
@@ -64,6 +64,7 @@ export class SetPasswordComponent extends BaseChangePasswordComponent {
     stateService: StateService,
     private organizationApiService: OrganizationApiServiceAbstraction,
     private organizationUserService: OrganizationUserService,
+    private userDecryptionOptionsService: InternalUserDecryptionOptionsServiceAbstraction,
     private ssoLoginService: SsoLoginServiceAbstraction,
     dialogService: DialogService,
   ) {
@@ -228,11 +229,11 @@ export class SetPasswordComponent extends BaseChangePasswordComponent {
     await this.stateService.setForceSetPasswordReason(ForceSetPasswordReason.None);
 
     // User now has a password so update account decryption options in state
-    const acctDecryptionOpts: AccountDecryptionOptions =
-      await this.stateService.getAccountDecryptionOptions();
-
-    acctDecryptionOpts.hasMasterPassword = true;
-    await this.stateService.setAccountDecryptionOptions(acctDecryptionOpts);
+    const userDecryptionOpts = await firstValueFrom(
+      this.userDecryptionOptionsService.userDecryptionOptions$,
+    );
+    userDecryptionOpts.hasMasterPassword = true;
+    await this.userDecryptionOptionsService.setUserDecryptionOptions(userDecryptionOpts);
 
     await this.stateService.setKdfType(this.kdf);
     await this.stateService.setKdfConfig(this.kdfConfig);
diff --git a/libs/angular/src/auth/components/sso.component.spec.ts b/libs/angular/src/auth/components/sso.component.spec.ts
index 9c31b6681a..c5c062d9a7 100644
--- a/libs/angular/src/auth/components/sso.component.spec.ts
+++ b/libs/angular/src/auth/components/sso.component.spec.ts
@@ -2,24 +2,27 @@ import { Component } from "@angular/core";
 import { ComponentFixture, TestBed } from "@angular/core/testing";
 import { ActivatedRoute, Router } from "@angular/router";
 import { MockProxy, mock } from "jest-mock-extended";
-import { Observable, of } from "rxjs";
+import { BehaviorSubject, Observable, of } from "rxjs";
 
-import { LoginStrategyServiceAbstraction } from "@bitwarden/auth/common";
+import {
+  FakeKeyConnectorUserDecryptionOption as KeyConnectorUserDecryptionOption,
+  LoginStrategyServiceAbstraction,
+  FakeTrustedDeviceUserDecryptionOption as TrustedDeviceUserDecryptionOption,
+  FakeUserDecryptionOptions as UserDecryptionOptions,
+  UserDecryptionOptionsServiceAbstraction,
+} from "@bitwarden/auth/common";
 import { ApiService } from "@bitwarden/common/abstractions/api.service";
 import { SsoLoginServiceAbstraction } from "@bitwarden/common/auth/abstractions/sso-login.service.abstraction";
 import { TwoFactorProviderType } from "@bitwarden/common/auth/enums/two-factor-provider-type";
 import { AuthResult } from "@bitwarden/common/auth/models/domain/auth-result";
 import { ForceSetPasswordReason } from "@bitwarden/common/auth/models/domain/force-set-password-reason";
-import { KeyConnectorUserDecryptionOption } from "@bitwarden/common/auth/models/domain/user-decryption-options/key-connector-user-decryption-option";
-import { TrustedDeviceUserDecryptionOption } from "@bitwarden/common/auth/models/domain/user-decryption-options/trusted-device-user-decryption-option";
-import { ConfigServiceAbstraction } from "@bitwarden/common/platform/abstractions/config/config.service.abstraction";
+import { ConfigService } from "@bitwarden/common/platform/abstractions/config/config.service";
 import { CryptoFunctionService } from "@bitwarden/common/platform/abstractions/crypto-function.service";
 import { EnvironmentService } from "@bitwarden/common/platform/abstractions/environment.service";
 import { I18nService } from "@bitwarden/common/platform/abstractions/i18n.service";
 import { LogService } from "@bitwarden/common/platform/abstractions/log.service";
 import { PlatformUtilsService } from "@bitwarden/common/platform/abstractions/platform-utils.service";
 import { StateService } from "@bitwarden/common/platform/abstractions/state.service";
-import { AccountDecryptionOptions } from "@bitwarden/common/platform/models/domain/account";
 import { PasswordGenerationServiceAbstraction } from "@bitwarden/common/tools/generator/password";
 
 import { SsoComponent } from "./sso.component";
@@ -62,7 +65,8 @@ describe("SsoComponent", () => {
   let mockEnvironmentService: MockProxy<EnvironmentService>;
   let mockPasswordGenerationService: MockProxy<PasswordGenerationServiceAbstraction>;
   let mockLogService: MockProxy<LogService>;
-  let mockConfigService: MockProxy<ConfigServiceAbstraction>;
+  let mockUserDecryptionOptionsService: MockProxy<UserDecryptionOptionsServiceAbstraction>;
+  let mockConfigService: MockProxy<ConfigService>;
 
   // Mock authService.logIn params
   let code: string;
@@ -77,17 +81,19 @@ describe("SsoComponent", () => {
   let mockOnSuccessfulLoginForceResetNavigate: jest.Mock;
   let mockOnSuccessfulLoginTdeNavigate: jest.Mock;
 
-  let mockAcctDecryptionOpts: {
-    noMasterPassword: AccountDecryptionOptions;
-    withMasterPassword: AccountDecryptionOptions;
-    withMasterPasswordAndTrustedDevice: AccountDecryptionOptions;
-    withMasterPasswordAndTrustedDeviceWithManageResetPassword: AccountDecryptionOptions;
-    withMasterPasswordAndKeyConnector: AccountDecryptionOptions;
-    noMasterPasswordWithTrustedDevice: AccountDecryptionOptions;
-    noMasterPasswordWithTrustedDeviceWithManageResetPassword: AccountDecryptionOptions;
-    noMasterPasswordWithKeyConnector: AccountDecryptionOptions;
+  let mockUserDecryptionOpts: {
+    noMasterPassword: UserDecryptionOptions;
+    withMasterPassword: UserDecryptionOptions;
+    withMasterPasswordAndTrustedDevice: UserDecryptionOptions;
+    withMasterPasswordAndTrustedDeviceWithManageResetPassword: UserDecryptionOptions;
+    withMasterPasswordAndKeyConnector: UserDecryptionOptions;
+    noMasterPasswordWithTrustedDevice: UserDecryptionOptions;
+    noMasterPasswordWithTrustedDeviceWithManageResetPassword: UserDecryptionOptions;
+    noMasterPasswordWithKeyConnector: UserDecryptionOptions;
   };
 
+  let selectedUserDecryptionOptions: BehaviorSubject<UserDecryptionOptions>;
+
   beforeEach(() => {
     // Mock Services
     mockLoginStrategyService = mock<LoginStrategyServiceAbstraction>();
@@ -101,15 +107,16 @@ describe("SsoComponent", () => {
       queryParams: mockQueryParams,
     } as any as ActivatedRoute;
 
-    mockSsoLoginService = mock<SsoLoginServiceAbstraction>();
-    mockStateService = mock<StateService>();
-    mockPlatformUtilsService = mock<PlatformUtilsService>();
-    mockApiService = mock<ApiService>();
-    mockCryptoFunctionService = mock<CryptoFunctionService>();
-    mockEnvironmentService = mock<EnvironmentService>();
-    mockPasswordGenerationService = mock<PasswordGenerationServiceAbstraction>();
-    mockLogService = mock<LogService>();
-    mockConfigService = mock<ConfigServiceAbstraction>();
+    mockSsoLoginService = mock();
+    mockStateService = mock();
+    mockPlatformUtilsService = mock();
+    mockApiService = mock();
+    mockCryptoFunctionService = mock();
+    mockEnvironmentService = mock();
+    mockPasswordGenerationService = mock();
+    mockLogService = mock();
+    mockUserDecryptionOptionsService = mock();
+    mockConfigService = mock();
 
     // Mock loginStrategyService.logIn params
     code = "code";
@@ -124,49 +131,52 @@ describe("SsoComponent", () => {
     mockOnSuccessfulLoginForceResetNavigate = jest.fn();
     mockOnSuccessfulLoginTdeNavigate = jest.fn();
 
-    mockAcctDecryptionOpts = {
-      noMasterPassword: new AccountDecryptionOptions({
+    mockUserDecryptionOpts = {
+      noMasterPassword: new UserDecryptionOptions({
         hasMasterPassword: false,
         trustedDeviceOption: undefined,
         keyConnectorOption: undefined,
       }),
-      withMasterPassword: new AccountDecryptionOptions({
+      withMasterPassword: new UserDecryptionOptions({
         hasMasterPassword: true,
         trustedDeviceOption: undefined,
         keyConnectorOption: undefined,
       }),
-      withMasterPasswordAndTrustedDevice: new AccountDecryptionOptions({
+      withMasterPasswordAndTrustedDevice: new UserDecryptionOptions({
         hasMasterPassword: true,
         trustedDeviceOption: new TrustedDeviceUserDecryptionOption(true, false, false),
         keyConnectorOption: undefined,
       }),
-      withMasterPasswordAndTrustedDeviceWithManageResetPassword: new AccountDecryptionOptions({
+      withMasterPasswordAndTrustedDeviceWithManageResetPassword: new UserDecryptionOptions({
         hasMasterPassword: true,
         trustedDeviceOption: new TrustedDeviceUserDecryptionOption(true, false, true),
         keyConnectorOption: undefined,
       }),
-      withMasterPasswordAndKeyConnector: new AccountDecryptionOptions({
+      withMasterPasswordAndKeyConnector: new UserDecryptionOptions({
         hasMasterPassword: true,
         trustedDeviceOption: undefined,
         keyConnectorOption: new KeyConnectorUserDecryptionOption("http://example.com"),
       }),
-      noMasterPasswordWithTrustedDevice: new AccountDecryptionOptions({
+      noMasterPasswordWithTrustedDevice: new UserDecryptionOptions({
         hasMasterPassword: false,
         trustedDeviceOption: new TrustedDeviceUserDecryptionOption(true, false, false),
         keyConnectorOption: undefined,
       }),
-      noMasterPasswordWithTrustedDeviceWithManageResetPassword: new AccountDecryptionOptions({
+      noMasterPasswordWithTrustedDeviceWithManageResetPassword: new UserDecryptionOptions({
         hasMasterPassword: false,
         trustedDeviceOption: new TrustedDeviceUserDecryptionOption(true, false, true),
         keyConnectorOption: undefined,
       }),
-      noMasterPasswordWithKeyConnector: new AccountDecryptionOptions({
+      noMasterPasswordWithKeyConnector: new UserDecryptionOptions({
         hasMasterPassword: false,
         trustedDeviceOption: undefined,
         keyConnectorOption: new KeyConnectorUserDecryptionOption("http://example.com"),
       }),
     };
 
+    selectedUserDecryptionOptions = new BehaviorSubject<UserDecryptionOptions>(null);
+    mockUserDecryptionOptionsService.userDecryptionOptions$ = selectedUserDecryptionOptions;
+
     TestBed.configureTestingModule({
       declarations: [TestSsoComponent],
       providers: [
@@ -183,8 +193,12 @@ describe("SsoComponent", () => {
         { provide: EnvironmentService, useValue: mockEnvironmentService },
         { provide: PasswordGenerationServiceAbstraction, useValue: mockPasswordGenerationService },
 
+        {
+          provide: UserDecryptionOptionsServiceAbstraction,
+          useValue: mockUserDecryptionOptionsService,
+        },
         { provide: LogService, useValue: mockLogService },
-        { provide: ConfigServiceAbstraction, useValue: mockConfigService },
+        { provide: ConfigService, useValue: mockConfigService },
       ],
     });
 
@@ -230,9 +244,7 @@ describe("SsoComponent", () => {
         authResult.twoFactorProviders = new Map([[TwoFactorProviderType.Authenticator, {}]]);
 
         // use standard user with MP because this test is not concerned with password reset.
-        mockStateService.getAccountDecryptionOptions.mockResolvedValue(
-          mockAcctDecryptionOpts.withMasterPassword,
-        );
+        selectedUserDecryptionOptions.next(mockUserDecryptionOpts.withMasterPassword);
 
         mockLoginStrategyService.logIn.mockResolvedValue(authResult);
       });
@@ -341,8 +353,8 @@ describe("SsoComponent", () => {
       describe("Given Trusted Device Encryption is enabled and user needs to set a master password", () => {
         let authResult;
         beforeEach(() => {
-          mockStateService.getAccountDecryptionOptions.mockResolvedValue(
-            mockAcctDecryptionOpts.noMasterPasswordWithTrustedDeviceWithManageResetPassword,
+          selectedUserDecryptionOptions.next(
+            mockUserDecryptionOpts.noMasterPasswordWithTrustedDeviceWithManageResetPassword,
           );
 
           authResult = new AuthResult();
@@ -377,8 +389,8 @@ describe("SsoComponent", () => {
           const reasonString = ForceSetPasswordReason[forceResetPasswordReason];
           let authResult;
           beforeEach(() => {
-            mockStateService.getAccountDecryptionOptions.mockResolvedValue(
-              mockAcctDecryptionOpts.withMasterPasswordAndTrustedDevice,
+            selectedUserDecryptionOptions.next(
+              mockUserDecryptionOpts.withMasterPasswordAndTrustedDevice,
             );
 
             authResult = new AuthResult();
@@ -394,8 +406,8 @@ describe("SsoComponent", () => {
       describe("Given Trusted Device Encryption is enabled, user doesn't need to set a MP, and forcePasswordReset is not required", () => {
         let authResult;
         beforeEach(() => {
-          mockStateService.getAccountDecryptionOptions.mockResolvedValue(
-            mockAcctDecryptionOpts.withMasterPasswordAndTrustedDevice,
+          selectedUserDecryptionOptions.next(
+            mockUserDecryptionOpts.withMasterPasswordAndTrustedDevice,
           );
 
           authResult = new AuthResult();
@@ -440,9 +452,7 @@ describe("SsoComponent", () => {
       describe("Given user needs to set a master password", () => {
         beforeEach(() => {
           // Only need to test the case where the user has no master password to test the primary change mp flow here
-          mockStateService.getAccountDecryptionOptions.mockResolvedValue(
-            mockAcctDecryptionOpts.noMasterPassword,
-          );
+          selectedUserDecryptionOptions.next(mockUserDecryptionOpts.noMasterPassword);
         });
 
         testChangePasswordOnSuccessfulLogin();
@@ -450,9 +460,7 @@ describe("SsoComponent", () => {
       });
 
       it("does not navigate to the change password route when the user has key connector even if user has no master password", async () => {
-        mockStateService.getAccountDecryptionOptions.mockResolvedValue(
-          mockAcctDecryptionOpts.noMasterPasswordWithKeyConnector,
-        );
+        selectedUserDecryptionOptions.next(mockUserDecryptionOpts.noMasterPasswordWithKeyConnector);
 
         await _component.logIn(code, codeVerifier, orgIdFromState);
         expect(mockLoginStrategyService.logIn).toHaveBeenCalledTimes(1);
@@ -475,9 +483,7 @@ describe("SsoComponent", () => {
 
         beforeEach(() => {
           // use standard user with MP because this test is not concerned with password reset.
-          mockStateService.getAccountDecryptionOptions.mockResolvedValue(
-            mockAcctDecryptionOpts.withMasterPassword,
-          );
+          selectedUserDecryptionOptions.next(mockUserDecryptionOpts.withMasterPassword);
 
           const authResult = new AuthResult();
           authResult.forcePasswordReset = forceResetPasswordReason;
@@ -494,9 +500,7 @@ describe("SsoComponent", () => {
         const authResult = new AuthResult();
         authResult.twoFactorProviders = null;
         // use standard user with MP because this test is not concerned with password reset.
-        mockStateService.getAccountDecryptionOptions.mockResolvedValue(
-          mockAcctDecryptionOpts.withMasterPassword,
-        );
+        selectedUserDecryptionOptions.next(mockUserDecryptionOpts.withMasterPassword);
         authResult.forcePasswordReset = ForceSetPasswordReason.None;
         mockLoginStrategyService.logIn.mockResolvedValue(authResult);
       });
diff --git a/libs/angular/src/auth/components/sso.component.ts b/libs/angular/src/auth/components/sso.component.ts
index a5a08f9aef..68d6e72e8d 100644
--- a/libs/angular/src/auth/components/sso.component.ts
+++ b/libs/angular/src/auth/components/sso.component.ts
@@ -1,15 +1,21 @@
 import { Directive } from "@angular/core";
 import { ActivatedRoute, NavigationExtras, Router } from "@angular/router";
+import { firstValueFrom } from "rxjs";
 import { first } from "rxjs/operators";
 
-import { LoginStrategyServiceAbstraction, SsoLoginCredentials } from "@bitwarden/auth/common";
+import {
+  LoginStrategyServiceAbstraction,
+  SsoLoginCredentials,
+  TrustedDeviceUserDecryptionOption,
+  UserDecryptionOptions,
+  UserDecryptionOptionsServiceAbstraction,
+} from "@bitwarden/auth/common";
 import { ApiService } from "@bitwarden/common/abstractions/api.service";
 import { SsoLoginServiceAbstraction } from "@bitwarden/common/auth/abstractions/sso-login.service.abstraction";
 import { AuthResult } from "@bitwarden/common/auth/models/domain/auth-result";
 import { ForceSetPasswordReason } from "@bitwarden/common/auth/models/domain/force-set-password-reason";
-import { TrustedDeviceUserDecryptionOption } from "@bitwarden/common/auth/models/domain/user-decryption-options/trusted-device-user-decryption-option";
 import { SsoPreValidateResponse } from "@bitwarden/common/auth/models/response/sso-pre-validate.response";
-import { ConfigServiceAbstraction } from "@bitwarden/common/platform/abstractions/config/config.service.abstraction";
+import { ConfigService } from "@bitwarden/common/platform/abstractions/config/config.service";
 import { CryptoFunctionService } from "@bitwarden/common/platform/abstractions/crypto-function.service";
 import { EnvironmentService } from "@bitwarden/common/platform/abstractions/environment.service";
 import { I18nService } from "@bitwarden/common/platform/abstractions/i18n.service";
@@ -17,7 +23,6 @@ import { LogService } from "@bitwarden/common/platform/abstractions/log.service"
 import { PlatformUtilsService } from "@bitwarden/common/platform/abstractions/platform-utils.service";
 import { StateService } from "@bitwarden/common/platform/abstractions/state.service";
 import { Utils } from "@bitwarden/common/platform/misc/utils";
-import { AccountDecryptionOptions } from "@bitwarden/common/platform/models/domain/account";
 import { PasswordGenerationServiceAbstraction } from "@bitwarden/common/tools/generator/password";
 
 @Directive()
@@ -59,7 +64,8 @@ export class SsoComponent {
     protected environmentService: EnvironmentService,
     protected passwordGenerationService: PasswordGenerationServiceAbstraction,
     protected logService: LogService,
-    protected configService: ConfigServiceAbstraction,
+    protected userDecryptionOptionsService: UserDecryptionOptionsServiceAbstraction,
+    protected configService: ConfigService,
   ) {}
 
   async ngOnInit() {
@@ -151,8 +157,10 @@ export class SsoComponent {
     // Save state (regardless of new or existing)
     await this.ssoLoginService.setSsoState(state);
 
+    const env = await firstValueFrom(this.environmentService.environment$);
+
     let authorizeUrl =
-      this.environmentService.getIdentityUrl() +
+      env.getIdentityUrl() +
       "/connect/authorize?" +
       "client_id=" +
       this.clientId +
@@ -194,9 +202,6 @@ export class SsoComponent {
       this.formPromise = this.loginStrategyService.logIn(credentials);
       const authResult = await this.formPromise;
 
-      const acctDecryptionOpts: AccountDecryptionOptions =
-        await this.stateService.getAccountDecryptionOptions();
-
       if (authResult.requiresTwoFactor) {
         return await this.handleTwoFactorRequired(orgSsoIdentifier);
       }
@@ -217,15 +222,20 @@ export class SsoComponent {
         return await this.handleForcePasswordReset(orgSsoIdentifier);
       }
 
+      // must come after 2fa check since user decryption options aren't available if 2fa is required
+      const userDecryptionOpts = await firstValueFrom(
+        this.userDecryptionOptionsService.userDecryptionOptions$,
+      );
+
       const tdeEnabled = await this.isTrustedDeviceEncEnabled(
-        acctDecryptionOpts.trustedDeviceOption,
+        userDecryptionOpts.trustedDeviceOption,
       );
 
       if (tdeEnabled) {
         return await this.handleTrustedDeviceEncryptionEnabled(
           authResult,
           orgSsoIdentifier,
-          acctDecryptionOpts,
+          userDecryptionOpts,
         );
       }
 
@@ -233,8 +243,8 @@ export class SsoComponent {
       // have one and they aren't using key connector.
       // Note: TDE & Key connector are mutually exclusive org config options.
       const requireSetPassword =
-        !acctDecryptionOpts.hasMasterPassword &&
-        acctDecryptionOpts.keyConnectorOption === undefined;
+        !userDecryptionOpts.hasMasterPassword &&
+        userDecryptionOpts.keyConnectorOption === undefined;
 
       if (requireSetPassword || authResult.resetMasterPassword) {
         // Change implies going no password -> password in this case
@@ -270,12 +280,12 @@ export class SsoComponent {
   private async handleTrustedDeviceEncryptionEnabled(
     authResult: AuthResult,
     orgIdentifier: string,
-    acctDecryptionOpts: AccountDecryptionOptions,
+    userDecryptionOpts: UserDecryptionOptions,
   ): Promise<void> {
     // If user doesn't have a MP, but has reset password permission, they must set a MP
     if (
-      !acctDecryptionOpts.hasMasterPassword &&
-      acctDecryptionOpts.trustedDeviceOption.hasManageResetPasswordPermission
+      !userDecryptionOpts.hasMasterPassword &&
+      userDecryptionOpts.trustedDeviceOption.hasManageResetPasswordPermission
     ) {
       // Set flag so that auth guard can redirect to set password screen after decryption (trusted or untrusted device)
       // Note: we cannot directly navigate in this scenario as we are in a pre-decryption state, and
diff --git a/libs/angular/src/auth/components/two-factor-options.component.ts b/libs/angular/src/auth/components/two-factor-options.component.ts
index 0ad6486158..2808e41cc2 100644
--- a/libs/angular/src/auth/components/two-factor-options.component.ts
+++ b/libs/angular/src/auth/components/two-factor-options.component.ts
@@ -1,5 +1,6 @@
 import { Directive, EventEmitter, OnInit, Output } from "@angular/core";
 import { Router } from "@angular/router";
+import { firstValueFrom } from "rxjs";
 
 import { TwoFactorService } from "@bitwarden/common/auth/abstractions/two-factor.service";
 import { TwoFactorProviderType } from "@bitwarden/common/auth/enums/two-factor-provider-type";
@@ -31,8 +32,9 @@ export class TwoFactorOptionsComponent implements OnInit {
     this.onProviderSelected.emit(p.type);
   }
 
-  recover() {
-    const webVault = this.environmentService.getWebVaultUrl();
+  async recover() {
+    const env = await firstValueFrom(this.environmentService.environment$);
+    const webVault = env.getWebVaultUrl();
     this.platformUtilsService.launchUri(webVault + "/#/recover-2fa");
     this.onRecoverSelected.emit();
   }
diff --git a/libs/angular/src/auth/components/two-factor.component.spec.ts b/libs/angular/src/auth/components/two-factor.component.spec.ts
index bf9489ba77..bff39188ea 100644
--- a/libs/angular/src/auth/components/two-factor.component.spec.ts
+++ b/libs/angular/src/auth/components/two-factor.component.spec.ts
@@ -1,28 +1,32 @@
 import { Component } from "@angular/core";
 import { ComponentFixture, TestBed } from "@angular/core/testing";
-import { ActivatedRoute, Router, convertToParamMap } from "@angular/router";
-import { MockProxy, mock } from "jest-mock-extended";
+import { ActivatedRoute, convertToParamMap, Router } from "@angular/router";
+import { mock, MockProxy } from "jest-mock-extended";
+import { BehaviorSubject } from "rxjs";
 
 // eslint-disable-next-line no-restricted-imports
 import { WINDOW } from "@bitwarden/angular/services/injection-tokens";
-import { LoginStrategyServiceAbstraction } from "@bitwarden/auth/common";
+import {
+  LoginStrategyServiceAbstraction,
+  LoginEmailServiceAbstraction,
+  FakeKeyConnectorUserDecryptionOption as KeyConnectorUserDecryptionOption,
+  FakeTrustedDeviceUserDecryptionOption as TrustedDeviceUserDecryptionOption,
+  FakeUserDecryptionOptions as UserDecryptionOptions,
+  UserDecryptionOptionsServiceAbstraction,
+} from "@bitwarden/auth/common";
 import { ApiService } from "@bitwarden/common/abstractions/api.service";
-import { LoginService } from "@bitwarden/common/auth/abstractions/login.service";
 import { SsoLoginServiceAbstraction } from "@bitwarden/common/auth/abstractions/sso-login.service.abstraction";
 import { TwoFactorService } from "@bitwarden/common/auth/abstractions/two-factor.service";
 import { AuthResult } from "@bitwarden/common/auth/models/domain/auth-result";
 import { ForceSetPasswordReason } from "@bitwarden/common/auth/models/domain/force-set-password-reason";
-import { KeyConnectorUserDecryptionOption } from "@bitwarden/common/auth/models/domain/user-decryption-options/key-connector-user-decryption-option";
-import { TrustedDeviceUserDecryptionOption } from "@bitwarden/common/auth/models/domain/user-decryption-options/trusted-device-user-decryption-option";
 import { TokenTwoFactorRequest } from "@bitwarden/common/auth/models/request/identity-token/token-two-factor.request";
 import { AppIdService } from "@bitwarden/common/platform/abstractions/app-id.service";
-import { ConfigServiceAbstraction } from "@bitwarden/common/platform/abstractions/config/config.service.abstraction";
+import { ConfigService } from "@bitwarden/common/platform/abstractions/config/config.service";
 import { EnvironmentService } from "@bitwarden/common/platform/abstractions/environment.service";
 import { I18nService } from "@bitwarden/common/platform/abstractions/i18n.service";
 import { LogService } from "@bitwarden/common/platform/abstractions/log.service";
 import { PlatformUtilsService } from "@bitwarden/common/platform/abstractions/platform-utils.service";
 import { StateService } from "@bitwarden/common/platform/abstractions/state.service";
-import { AccountDecryptionOptions } from "@bitwarden/common/platform/models/domain/account";
 
 import { TwoFactorComponent } from "./two-factor.component";
 
@@ -55,21 +59,24 @@ describe("TwoFactorComponent", () => {
   let mockLogService: MockProxy<LogService>;
   let mockTwoFactorService: MockProxy<TwoFactorService>;
   let mockAppIdService: MockProxy<AppIdService>;
-  let mockLoginService: MockProxy<LoginService>;
+  let mockLoginEmailService: MockProxy<LoginEmailServiceAbstraction>;
+  let mockUserDecryptionOptionsService: MockProxy<UserDecryptionOptionsServiceAbstraction>;
   let mockSsoLoginService: MockProxy<SsoLoginServiceAbstraction>;
-  let mockConfigService: MockProxy<ConfigServiceAbstraction>;
+  let mockConfigService: MockProxy<ConfigService>;
 
-  let mockAcctDecryptionOpts: {
-    noMasterPassword: AccountDecryptionOptions;
-    withMasterPassword: AccountDecryptionOptions;
-    withMasterPasswordAndTrustedDevice: AccountDecryptionOptions;
-    withMasterPasswordAndTrustedDeviceWithManageResetPassword: AccountDecryptionOptions;
-    withMasterPasswordAndKeyConnector: AccountDecryptionOptions;
-    noMasterPasswordWithTrustedDevice: AccountDecryptionOptions;
-    noMasterPasswordWithTrustedDeviceWithManageResetPassword: AccountDecryptionOptions;
-    noMasterPasswordWithKeyConnector: AccountDecryptionOptions;
+  let mockUserDecryptionOpts: {
+    noMasterPassword: UserDecryptionOptions;
+    withMasterPassword: UserDecryptionOptions;
+    withMasterPasswordAndTrustedDevice: UserDecryptionOptions;
+    withMasterPasswordAndTrustedDeviceWithManageResetPassword: UserDecryptionOptions;
+    withMasterPasswordAndKeyConnector: UserDecryptionOptions;
+    noMasterPasswordWithTrustedDevice: UserDecryptionOptions;
+    noMasterPasswordWithTrustedDeviceWithManageResetPassword: UserDecryptionOptions;
+    noMasterPasswordWithKeyConnector: UserDecryptionOptions;
   };
 
+  let selectedUserDecryptionOptions: BehaviorSubject<UserDecryptionOptions>;
+
   beforeEach(() => {
     mockLoginStrategyService = mock<LoginStrategyServiceAbstraction>();
     mockRouter = mock<Router>();
@@ -82,53 +89,57 @@ describe("TwoFactorComponent", () => {
     mockLogService = mock<LogService>();
     mockTwoFactorService = mock<TwoFactorService>();
     mockAppIdService = mock<AppIdService>();
-    mockLoginService = mock<LoginService>();
+    mockLoginEmailService = mock<LoginEmailServiceAbstraction>();
+    mockUserDecryptionOptionsService = mock<UserDecryptionOptionsServiceAbstraction>();
     mockSsoLoginService = mock<SsoLoginServiceAbstraction>();
-    mockConfigService = mock<ConfigServiceAbstraction>();
+    mockConfigService = mock<ConfigService>();
 
-    mockAcctDecryptionOpts = {
-      noMasterPassword: new AccountDecryptionOptions({
+    mockUserDecryptionOpts = {
+      noMasterPassword: new UserDecryptionOptions({
         hasMasterPassword: false,
         trustedDeviceOption: undefined,
         keyConnectorOption: undefined,
       }),
-      withMasterPassword: new AccountDecryptionOptions({
+      withMasterPassword: new UserDecryptionOptions({
         hasMasterPassword: true,
         trustedDeviceOption: undefined,
         keyConnectorOption: undefined,
       }),
-      withMasterPasswordAndTrustedDevice: new AccountDecryptionOptions({
+      withMasterPasswordAndTrustedDevice: new UserDecryptionOptions({
         hasMasterPassword: true,
         trustedDeviceOption: new TrustedDeviceUserDecryptionOption(true, false, false),
         keyConnectorOption: undefined,
       }),
-      withMasterPasswordAndTrustedDeviceWithManageResetPassword: new AccountDecryptionOptions({
+      withMasterPasswordAndTrustedDeviceWithManageResetPassword: new UserDecryptionOptions({
         hasMasterPassword: true,
         trustedDeviceOption: new TrustedDeviceUserDecryptionOption(true, false, true),
         keyConnectorOption: undefined,
       }),
-      withMasterPasswordAndKeyConnector: new AccountDecryptionOptions({
+      withMasterPasswordAndKeyConnector: new UserDecryptionOptions({
         hasMasterPassword: true,
         trustedDeviceOption: undefined,
         keyConnectorOption: new KeyConnectorUserDecryptionOption("http://example.com"),
       }),
-      noMasterPasswordWithTrustedDevice: new AccountDecryptionOptions({
+      noMasterPasswordWithTrustedDevice: new UserDecryptionOptions({
         hasMasterPassword: false,
         trustedDeviceOption: new TrustedDeviceUserDecryptionOption(true, false, false),
         keyConnectorOption: undefined,
       }),
-      noMasterPasswordWithTrustedDeviceWithManageResetPassword: new AccountDecryptionOptions({
+      noMasterPasswordWithTrustedDeviceWithManageResetPassword: new UserDecryptionOptions({
         hasMasterPassword: false,
         trustedDeviceOption: new TrustedDeviceUserDecryptionOption(true, false, true),
         keyConnectorOption: undefined,
       }),
-      noMasterPasswordWithKeyConnector: new AccountDecryptionOptions({
+      noMasterPasswordWithKeyConnector: new UserDecryptionOptions({
         hasMasterPassword: false,
         trustedDeviceOption: undefined,
         keyConnectorOption: new KeyConnectorUserDecryptionOption("http://example.com"),
       }),
     };
 
+    selectedUserDecryptionOptions = new BehaviorSubject<UserDecryptionOptions>(null);
+    mockUserDecryptionOptionsService.userDecryptionOptions$ = selectedUserDecryptionOptions;
+
     TestBed.configureTestingModule({
       declarations: [TestTwoFactorComponent],
       providers: [
@@ -152,9 +163,13 @@ describe("TwoFactorComponent", () => {
         { provide: LogService, useValue: mockLogService },
         { provide: TwoFactorService, useValue: mockTwoFactorService },
         { provide: AppIdService, useValue: mockAppIdService },
-        { provide: LoginService, useValue: mockLoginService },
+        { provide: LoginEmailServiceAbstraction, useValue: mockLoginEmailService },
+        {
+          provide: UserDecryptionOptionsServiceAbstraction,
+          useValue: mockUserDecryptionOptionsService,
+        },
         { provide: SsoLoginServiceAbstraction, useValue: mockSsoLoginService },
-        { provide: ConfigServiceAbstraction, useValue: mockConfigService },
+        { provide: ConfigService, useValue: mockConfigService },
       ],
     });
 
@@ -213,9 +228,7 @@ describe("TwoFactorComponent", () => {
         component.remember = remember;
         component.captchaToken = captchaToken;
 
-        mockStateService.getAccountDecryptionOptions.mockResolvedValue(
-          mockAcctDecryptionOpts.withMasterPassword,
-        );
+        selectedUserDecryptionOptions.next(mockUserDecryptionOpts.withMasterPassword);
       });
 
       it("calls authService.logInTwoFactor with correct parameters when form is submitted", async () => {
@@ -267,11 +280,11 @@ describe("TwoFactorComponent", () => {
         expect(component.onSuccessfulLogin).toHaveBeenCalled();
       });
 
-      it("calls loginService.clearValues() when login is successful", async () => {
+      it("calls loginEmailService.clearValues() when login is successful", async () => {
         // Arrange
         mockLoginStrategyService.logInTwoFactor.mockResolvedValue(new AuthResult());
-        // spy on loginService.clearValues
-        const clearValuesSpy = jest.spyOn(mockLoginService, "clearValues");
+        // spy on loginEmailService.clearValues
+        const clearValuesSpy = jest.spyOn(mockLoginEmailService, "clearValues");
 
         // Act
         await component.doSubmit();
@@ -289,17 +302,15 @@ describe("TwoFactorComponent", () => {
         describe("Given user needs to set a master password", () => {
           beforeEach(() => {
             // Only need to test the case where the user has no master password to test the primary change mp flow here
-            mockStateService.getAccountDecryptionOptions.mockResolvedValue(
-              mockAcctDecryptionOpts.noMasterPassword,
-            );
+            selectedUserDecryptionOptions.next(mockUserDecryptionOpts.noMasterPassword);
           });
 
           testChangePasswordOnSuccessfulLogin();
         });
 
         it("does not navigate to the change password route when the user has key connector even if user has no master password", async () => {
-          mockStateService.getAccountDecryptionOptions.mockResolvedValue(
-            mockAcctDecryptionOpts.noMasterPasswordWithKeyConnector,
+          selectedUserDecryptionOptions.next(
+            mockUserDecryptionOpts.noMasterPasswordWithKeyConnector,
           );
 
           await component.doSubmit();
@@ -321,9 +332,7 @@ describe("TwoFactorComponent", () => {
 
           beforeEach(() => {
             // use standard user with MP because this test is not concerned with password reset.
-            mockStateService.getAccountDecryptionOptions.mockResolvedValue(
-              mockAcctDecryptionOpts.withMasterPassword,
-            );
+            selectedUserDecryptionOptions.next(mockUserDecryptionOpts.withMasterPassword);
 
             const authResult = new AuthResult();
             authResult.forcePasswordReset = forceResetPasswordReason;
@@ -385,8 +394,8 @@ describe("TwoFactorComponent", () => {
 
         describe("Given Trusted Device Encryption is enabled and user needs to set a master password", () => {
           beforeEach(() => {
-            mockStateService.getAccountDecryptionOptions.mockResolvedValue(
-              mockAcctDecryptionOpts.noMasterPasswordWithTrustedDeviceWithManageResetPassword,
+            selectedUserDecryptionOptions.next(
+              mockUserDecryptionOpts.noMasterPasswordWithTrustedDeviceWithManageResetPassword,
             );
 
             const authResult = new AuthResult();
@@ -420,8 +429,8 @@ describe("TwoFactorComponent", () => {
 
             beforeEach(() => {
               // use standard user with MP because this test is not concerned with password reset.
-              mockStateService.getAccountDecryptionOptions.mockResolvedValue(
-                mockAcctDecryptionOpts.withMasterPasswordAndTrustedDevice,
+              selectedUserDecryptionOptions.next(
+                mockUserDecryptionOpts.withMasterPasswordAndTrustedDevice,
               );
 
               const authResult = new AuthResult();
@@ -436,8 +445,8 @@ describe("TwoFactorComponent", () => {
         describe("Given Trusted Device Encryption is enabled, user doesn't need to set a MP, and forcePasswordReset is not required", () => {
           let authResult;
           beforeEach(() => {
-            mockStateService.getAccountDecryptionOptions.mockResolvedValue(
-              mockAcctDecryptionOpts.withMasterPasswordAndTrustedDevice,
+            selectedUserDecryptionOptions.next(
+              mockUserDecryptionOpts.withMasterPasswordAndTrustedDevice,
             );
 
             authResult = new AuthResult();
diff --git a/libs/angular/src/auth/components/two-factor.component.ts b/libs/angular/src/auth/components/two-factor.component.ts
index c697d9ceb0..c306e6cc80 100644
--- a/libs/angular/src/auth/components/two-factor.component.ts
+++ b/libs/angular/src/auth/components/two-factor.component.ts
@@ -6,28 +6,31 @@ import { first } from "rxjs/operators";
 
 // eslint-disable-next-line no-restricted-imports
 import { WINDOW } from "@bitwarden/angular/services/injection-tokens";
-import { LoginStrategyServiceAbstraction } from "@bitwarden/auth/common";
+import {
+  LoginStrategyServiceAbstraction,
+  LoginEmailServiceAbstraction,
+  TrustedDeviceUserDecryptionOption,
+  UserDecryptionOptions,
+  UserDecryptionOptionsServiceAbstraction,
+} from "@bitwarden/auth/common";
 import { ApiService } from "@bitwarden/common/abstractions/api.service";
-import { LoginService } from "@bitwarden/common/auth/abstractions/login.service";
 import { SsoLoginServiceAbstraction } from "@bitwarden/common/auth/abstractions/sso-login.service.abstraction";
 import { TwoFactorService } from "@bitwarden/common/auth/abstractions/two-factor.service";
 import { AuthenticationType } from "@bitwarden/common/auth/enums/authentication-type";
 import { TwoFactorProviderType } from "@bitwarden/common/auth/enums/two-factor-provider-type";
 import { AuthResult } from "@bitwarden/common/auth/models/domain/auth-result";
 import { ForceSetPasswordReason } from "@bitwarden/common/auth/models/domain/force-set-password-reason";
-import { TrustedDeviceUserDecryptionOption } from "@bitwarden/common/auth/models/domain/user-decryption-options/trusted-device-user-decryption-option";
 import { TokenTwoFactorRequest } from "@bitwarden/common/auth/models/request/identity-token/token-two-factor.request";
 import { TwoFactorEmailRequest } from "@bitwarden/common/auth/models/request/two-factor-email.request";
 import { TwoFactorProviders } from "@bitwarden/common/auth/services/two-factor.service";
 import { WebAuthnIFrame } from "@bitwarden/common/auth/webauthn-iframe";
 import { AppIdService } from "@bitwarden/common/platform/abstractions/app-id.service";
-import { ConfigServiceAbstraction } from "@bitwarden/common/platform/abstractions/config/config.service.abstraction";
+import { ConfigService } from "@bitwarden/common/platform/abstractions/config/config.service";
 import { EnvironmentService } from "@bitwarden/common/platform/abstractions/environment.service";
 import { I18nService } from "@bitwarden/common/platform/abstractions/i18n.service";
 import { LogService } from "@bitwarden/common/platform/abstractions/log.service";
 import { PlatformUtilsService } from "@bitwarden/common/platform/abstractions/platform-utils.service";
 import { StateService } from "@bitwarden/common/platform/abstractions/state.service";
-import { AccountDecryptionOptions } from "@bitwarden/common/platform/models/domain/account";
 
 import { CaptchaProtectedComponent } from "./captcha-protected.component";
 
@@ -85,9 +88,10 @@ export class TwoFactorComponent extends CaptchaProtectedComponent implements OnI
     protected logService: LogService,
     protected twoFactorService: TwoFactorService,
     protected appIdService: AppIdService,
-    protected loginService: LoginService,
+    protected loginEmailService: LoginEmailServiceAbstraction,
+    protected userDecryptionOptionsService: UserDecryptionOptionsServiceAbstraction,
     protected ssoLoginService: SsoLoginServiceAbstraction,
-    protected configService: ConfigServiceAbstraction,
+    protected configService: ConfigService,
   ) {
     super(environmentService, i18nService, platformUtilsService);
     this.webAuthnSupported = this.platformUtilsService.supportsWebAuthn(win);
@@ -112,7 +116,8 @@ export class TwoFactorComponent extends CaptchaProtectedComponent implements OnI
     }
 
     if (this.win != null && this.webAuthnSupported) {
-      const webVaultUrl = this.environmentService.getWebVaultUrl();
+      const env = await firstValueFrom(this.environmentService.environment$);
+      const webVaultUrl = env.getWebVaultUrl();
       this.webAuthn = new WebAuthnIFrame(
         this.win,
         webVaultUrl,
@@ -283,29 +288,30 @@ export class TwoFactorComponent extends CaptchaProtectedComponent implements OnI
     // - TDE login decryption options component
     // - Browser SSO on extension open
     await this.ssoLoginService.setActiveUserOrganizationSsoIdentifier(this.orgIdentifier);
-    this.loginService.clearValues();
+    this.loginEmailService.clearValues();
 
     // note: this flow affects both TDE & standard users
     if (this.isForcePasswordResetRequired(authResult)) {
       return await this.handleForcePasswordReset(this.orgIdentifier);
     }
 
-    const acctDecryptionOpts: AccountDecryptionOptions =
-      await this.stateService.getAccountDecryptionOptions();
+    const userDecryptionOpts = await firstValueFrom(
+      this.userDecryptionOptionsService.userDecryptionOptions$,
+    );
 
-    const tdeEnabled = await this.isTrustedDeviceEncEnabled(acctDecryptionOpts.trustedDeviceOption);
+    const tdeEnabled = await this.isTrustedDeviceEncEnabled(userDecryptionOpts.trustedDeviceOption);
 
     if (tdeEnabled) {
       return await this.handleTrustedDeviceEncryptionEnabled(
         authResult,
         this.orgIdentifier,
-        acctDecryptionOpts,
+        userDecryptionOpts,
       );
     }
 
     // User must set password if they don't have one and they aren't using either TDE or key connector.
     const requireSetPassword =
-      !acctDecryptionOpts.hasMasterPassword && acctDecryptionOpts.keyConnectorOption === undefined;
+      !userDecryptionOpts.hasMasterPassword && userDecryptionOpts.keyConnectorOption === undefined;
 
     if (requireSetPassword || authResult.resetMasterPassword) {
       // Change implies going no password -> password in this case
@@ -326,12 +332,12 @@ export class TwoFactorComponent extends CaptchaProtectedComponent implements OnI
   private async handleTrustedDeviceEncryptionEnabled(
     authResult: AuthResult,
     orgIdentifier: string,
-    acctDecryptionOpts: AccountDecryptionOptions,
+    userDecryptionOpts: UserDecryptionOptions,
   ): Promise<void> {
     // If user doesn't have a MP, but has reset password permission, they must set a MP
     if (
-      !acctDecryptionOpts.hasMasterPassword &&
-      acctDecryptionOpts.trustedDeviceOption.hasManageResetPasswordPermission
+      !userDecryptionOpts.hasMasterPassword &&
+      userDecryptionOpts.trustedDeviceOption.hasManageResetPasswordPermission
     ) {
       // Set flag so that auth guard can redirect to set password screen after decryption (trusted or untrusted device)
       // Note: we cannot directly navigate to the set password screen in this scenario as we are in a pre-decryption state, and
@@ -489,5 +495,5 @@ export class TwoFactorComponent extends CaptchaProtectedComponent implements OnI
   }
 
   // implemented in clients
-  launchDuoFrameless() {}
+  async launchDuoFrameless() {}
 }
diff --git a/libs/angular/src/auth/guards/lock.guard.ts b/libs/angular/src/auth/guards/lock.guard.ts
index f77a6c71e1..6f71d77a63 100644
--- a/libs/angular/src/auth/guards/lock.guard.ts
+++ b/libs/angular/src/auth/guards/lock.guard.ts
@@ -53,7 +53,7 @@ export function lockGuard(): CanActivateFn {
 
     // User is authN and in locked state.
 
-    const tdeEnabled = await deviceTrustCryptoService.supportsDeviceTrust();
+    const tdeEnabled = await firstValueFrom(deviceTrustCryptoService.supportsDeviceTrust$);
 
     // Create special exception which allows users to go from the login-initiated page to the lock page for the approve w/ MP flow
     // The MP check is necessary to prevent direct manual navigation from other locked state pages for users who don't have a MP
diff --git a/libs/angular/src/auth/guards/redirect.guard.ts b/libs/angular/src/auth/guards/redirect.guard.ts
index 504fcb3f36..ca9152186d 100644
--- a/libs/angular/src/auth/guards/redirect.guard.ts
+++ b/libs/angular/src/auth/guards/redirect.guard.ts
@@ -46,7 +46,7 @@ export function redirectGuard(overrides: Partial<RedirectRoutes> = {}): CanActiv
 
     // If locked, TDE is enabled, and the user hasn't decrypted yet, then redirect to the
     // login decryption options component.
-    const tdeEnabled = await deviceTrustCryptoService.supportsDeviceTrust();
+    const tdeEnabled = await firstValueFrom(deviceTrustCryptoService.supportsDeviceTrust$);
     const everHadUserKey = await firstValueFrom(cryptoService.everHadUserKey$);
     if (authStatus === AuthenticationStatus.Locked && tdeEnabled && !everHadUserKey) {
       return router.createUrlTree([routes.notDecrypted], { queryParams: route.queryParams });
diff --git a/libs/angular/src/auth/guards/tde-decryption-required.guard.ts b/libs/angular/src/auth/guards/tde-decryption-required.guard.ts
index b2b33fcd77..146c6e19a2 100644
--- a/libs/angular/src/auth/guards/tde-decryption-required.guard.ts
+++ b/libs/angular/src/auth/guards/tde-decryption-required.guard.ts
@@ -26,7 +26,7 @@ export function tdeDecryptionRequiredGuard(): CanActivateFn {
     const router = inject(Router);
 
     const authStatus = await authService.getAuthStatus();
-    const tdeEnabled = await deviceTrustCryptoService.supportsDeviceTrust();
+    const tdeEnabled = await firstValueFrom(deviceTrustCryptoService.supportsDeviceTrust$);
     const everHadUserKey = await firstValueFrom(cryptoService.everHadUserKey$);
     if (authStatus !== AuthenticationStatus.Locked || !tdeEnabled || everHadUserKey) {
       return router.createUrlTree(["/"]);
diff --git a/libs/angular/src/components/share.component.ts b/libs/angular/src/components/share.component.ts
index 53f064d6f4..6687e784f0 100644
--- a/libs/angular/src/components/share.component.ts
+++ b/libs/angular/src/components/share.component.ts
@@ -62,6 +62,7 @@ export class ShareComponent implements OnInit, OnDestroy {
     this.organizations$.pipe(takeUntil(this._destroy)).subscribe((orgs) => {
       if (this.organizationId == null && orgs.length > 0) {
         this.organizationId = orgs[0].id;
+        this.filterCollections();
       }
     });
 
@@ -69,8 +70,6 @@ export class ShareComponent implements OnInit, OnDestroy {
     this.cipher = await cipherDomain.decrypt(
       await this.cipherService.getKeyForCipherKeyDecryption(cipherDomain),
     );
-
-    this.filterCollections();
   }
 
   filterCollections() {
diff --git a/libs/angular/src/directives/if-feature.directive.spec.ts b/libs/angular/src/directives/if-feature.directive.spec.ts
index 01364b2ada..944410be7d 100644
--- a/libs/angular/src/directives/if-feature.directive.spec.ts
+++ b/libs/angular/src/directives/if-feature.directive.spec.ts
@@ -4,7 +4,7 @@ import { By } from "@angular/platform-browser";
 import { mock, MockProxy } from "jest-mock-extended";
 
 import { FeatureFlag, FeatureFlagValue } from "@bitwarden/common/enums/feature-flag.enum";
-import { ConfigServiceAbstraction } from "@bitwarden/common/platform/abstractions/config/config.service.abstraction";
+import { ConfigService } from "@bitwarden/common/platform/abstractions/config/config.service";
 import { LogService } from "@bitwarden/common/platform/abstractions/log.service";
 
 import { IfFeatureDirective } from "./if-feature.directive";
@@ -39,7 +39,7 @@ class TestComponent {
 describe("IfFeatureDirective", () => {
   let fixture: ComponentFixture<TestComponent>;
   let content: HTMLElement;
-  let mockConfigService: MockProxy<ConfigServiceAbstraction>;
+  let mockConfigService: MockProxy<ConfigService>;
 
   const mockConfigFlagValue = (flag: FeatureFlag, flagValue: FeatureFlagValue) => {
     mockConfigService.getFeatureFlag.mockImplementation((f, defaultValue) =>
@@ -51,14 +51,14 @@ describe("IfFeatureDirective", () => {
     fixture.debugElement.query(By.css(`[data-testid="${testId}"]`))?.nativeElement;
 
   beforeEach(async () => {
-    mockConfigService = mock<ConfigServiceAbstraction>();
+    mockConfigService = mock<ConfigService>();
 
     await TestBed.configureTestingModule({
       declarations: [IfFeatureDirective, TestComponent],
       providers: [
         { provide: LogService, useValue: mock<LogService>() },
         {
-          provide: ConfigServiceAbstraction,
+          provide: ConfigService,
           useValue: mockConfigService,
         },
       ],
diff --git a/libs/angular/src/directives/if-feature.directive.ts b/libs/angular/src/directives/if-feature.directive.ts
index ff08125678..069f306a89 100644
--- a/libs/angular/src/directives/if-feature.directive.ts
+++ b/libs/angular/src/directives/if-feature.directive.ts
@@ -1,7 +1,7 @@
 import { Directive, Input, OnInit, TemplateRef, ViewContainerRef } from "@angular/core";
 
 import { FeatureFlag, FeatureFlagValue } from "@bitwarden/common/enums/feature-flag.enum";
-import { ConfigServiceAbstraction } from "@bitwarden/common/platform/abstractions/config/config.service.abstraction";
+import { ConfigService } from "@bitwarden/common/platform/abstractions/config/config.service";
 import { LogService } from "@bitwarden/common/platform/abstractions/log.service";
 
 /**
@@ -30,7 +30,7 @@ export class IfFeatureDirective implements OnInit {
   constructor(
     private templateRef: TemplateRef<any>,
     private viewContainer: ViewContainerRef,
-    private configService: ConfigServiceAbstraction,
+    private configService: ConfigService,
     private logService: LogService,
   ) {}
 
diff --git a/libs/angular/src/jslib.module.ts b/libs/angular/src/jslib.module.ts
index 1177106767..64fb44e3b8 100644
--- a/libs/angular/src/jslib.module.ts
+++ b/libs/angular/src/jslib.module.ts
@@ -29,7 +29,6 @@ import { UserTypePipe } from "./pipes/user-type.pipe";
 import { EllipsisPipe } from "./platform/pipes/ellipsis.pipe";
 import { FingerprintPipe } from "./platform/pipes/fingerprint.pipe";
 import { I18nPipe } from "./platform/pipes/i18n.pipe";
-import { ExportScopeCalloutComponent } from "./tools/export/components/export-scope-callout.component";
 import { PasswordStrengthComponent } from "./tools/password-strength/password-strength.component";
 import { IconComponent } from "./vault/components/icon.component";
 
@@ -54,7 +53,6 @@ import { IconComponent } from "./vault/components/icon.component";
     CopyTextDirective,
     CreditCardNumberPipe,
     EllipsisPipe,
-    ExportScopeCalloutComponent,
     FallbackSrcDirective,
     I18nPipe,
     IconComponent,
@@ -85,7 +83,6 @@ import { IconComponent } from "./vault/components/icon.component";
     CopyTextDirective,
     CreditCardNumberPipe,
     EllipsisPipe,
-    ExportScopeCalloutComponent,
     FallbackSrcDirective,
     I18nPipe,
     IconComponent,
diff --git a/libs/angular/src/platform/abstractions/form-validation-errors.service.ts b/libs/angular/src/platform/abstractions/form-validation-errors.service.ts
index 08a12443a0..266afff5f3 100644
--- a/libs/angular/src/platform/abstractions/form-validation-errors.service.ts
+++ b/libs/angular/src/platform/abstractions/form-validation-errors.service.ts
@@ -9,5 +9,5 @@ export interface FormGroupControls {
 }
 
 export abstract class FormValidationErrorsService {
-  getFormValidationErrors: (controls: FormGroupControls) => AllValidationErrors[];
+  abstract getFormValidationErrors(controls: FormGroupControls): AllValidationErrors[];
 }
diff --git a/libs/angular/src/platform/guard/feature-flag.guard.spec.ts b/libs/angular/src/platform/guard/feature-flag.guard.spec.ts
index 95dd56cd50..88637dff97 100644
--- a/libs/angular/src/platform/guard/feature-flag.guard.spec.ts
+++ b/libs/angular/src/platform/guard/feature-flag.guard.spec.ts
@@ -5,7 +5,7 @@ import { RouterTestingModule } from "@angular/router/testing";
 import { mock, MockProxy } from "jest-mock-extended";
 
 import { FeatureFlag } from "@bitwarden/common/enums/feature-flag.enum";
-import { ConfigServiceAbstraction } from "@bitwarden/common/platform/abstractions/config/config.service.abstraction";
+import { ConfigService } from "@bitwarden/common/platform/abstractions/config/config.service";
 import { I18nService } from "@bitwarden/common/platform/abstractions/i18n.service";
 import { LogService } from "@bitwarden/common/platform/abstractions/log.service";
 import { PlatformUtilsService } from "@bitwarden/common/platform/abstractions/platform-utils.service";
@@ -21,11 +21,11 @@ describe("canAccessFeature", () => {
   const featureRoute = "enabled-feature";
   const redirectRoute = "redirect";
 
-  let mockConfigService: MockProxy<ConfigServiceAbstraction>;
+  let mockConfigService: MockProxy<ConfigService>;
   let mockPlatformUtilsService: MockProxy<PlatformUtilsService>;
 
   const setup = (featureGuard: CanActivateFn, flagValue: any) => {
-    mockConfigService = mock<ConfigServiceAbstraction>();
+    mockConfigService = mock<ConfigService>();
     mockPlatformUtilsService = mock<PlatformUtilsService>();
 
     // Mock the correct getter based on the type of flagValue; also mock default values if one is not provided
@@ -56,7 +56,7 @@ describe("canAccessFeature", () => {
         ]),
       ],
       providers: [
-        { provide: ConfigServiceAbstraction, useValue: mockConfigService },
+        { provide: ConfigService, useValue: mockConfigService },
         { provide: PlatformUtilsService, useValue: mockPlatformUtilsService },
         { provide: LogService, useValue: mock<LogService>() },
         {
diff --git a/libs/angular/src/platform/guard/feature-flag.guard.ts b/libs/angular/src/platform/guard/feature-flag.guard.ts
index 8842f04152..bfcabc2b53 100644
--- a/libs/angular/src/platform/guard/feature-flag.guard.ts
+++ b/libs/angular/src/platform/guard/feature-flag.guard.ts
@@ -2,7 +2,7 @@ import { inject } from "@angular/core";
 import { CanActivateFn, Router } from "@angular/router";
 
 import { FeatureFlag } from "@bitwarden/common/enums/feature-flag.enum";
-import { ConfigServiceAbstraction } from "@bitwarden/common/platform/abstractions/config/config.service.abstraction";
+import { ConfigService } from "@bitwarden/common/platform/abstractions/config/config.service";
 import { I18nService } from "@bitwarden/common/platform/abstractions/i18n.service";
 import { LogService } from "@bitwarden/common/platform/abstractions/log.service";
 import { PlatformUtilsService } from "@bitwarden/common/platform/abstractions/platform-utils.service";
@@ -23,7 +23,7 @@ export const canAccessFeature = (
   redirectUrlOnDisabled?: string,
 ): CanActivateFn => {
   return async () => {
-    const configService = inject(ConfigServiceAbstraction);
+    const configService = inject(ConfigService);
     const platformUtilsService = inject(PlatformUtilsService);
     const router = inject(Router);
     const i18nService = inject(I18nService);
diff --git a/libs/angular/src/platform/services/logging-error-handler.ts b/libs/angular/src/platform/services/logging-error-handler.ts
new file mode 100644
index 0000000000..522412dd28
--- /dev/null
+++ b/libs/angular/src/platform/services/logging-error-handler.ts
@@ -0,0 +1,22 @@
+import { ErrorHandler, Injectable, Injector, inject } from "@angular/core";
+
+import { LogService } from "@bitwarden/common/platform/abstractions/log.service";
+
+@Injectable()
+export class LoggingErrorHandler extends ErrorHandler {
+  /**
+   * When injecting services into an `ErrorHandler`, we must use the `Injector` manually to avoid circular dependency errors.
+   *
+   * https://stackoverflow.com/a/57115053
+   */
+  private injector = inject(Injector);
+
+  override handleError(error: any): void {
+    try {
+      const logService = this.injector.get(LogService, null);
+      logService.error(error);
+    } catch {
+      super.handleError(error);
+    }
+  }
+}
diff --git a/libs/angular/src/platform/services/theming/theming.service.abstraction.ts b/libs/angular/src/platform/services/theming/theming.service.abstraction.ts
index 9a012a7f75..4306d312c5 100644
--- a/libs/angular/src/platform/services/theming/theming.service.abstraction.ts
+++ b/libs/angular/src/platform/services/theming/theming.service.abstraction.ts
@@ -11,12 +11,12 @@ export abstract class AbstractThemingService {
    * The effective theme based on the user configured choice and the current system theme if
    * the configured choice is {@link ThemeType.System}.
    */
-  theme$: Observable<ThemeType>;
+  abstract theme$: Observable<ThemeType>;
   /**
    * Listens for effective theme changes and applies changes to the provided document.
    * @param document The document that should have theme classes applied to it.
    *
    * @returns A subscription that can be unsubscribed from to cancel the application of theme classes.
    */
-  applyThemeChangesTo: (document: Document) => Subscription;
+  abstract applyThemeChangesTo(document: Document): Subscription;
 }
diff --git a/libs/angular/src/platform/utils/safe-provider.ts b/libs/angular/src/platform/utils/safe-provider.ts
index 65ce49cda9..7c19a280d6 100644
--- a/libs/angular/src/platform/utils/safe-provider.ts
+++ b/libs/angular/src/platform/utils/safe-provider.ts
@@ -4,7 +4,7 @@ import { Constructor, Opaque } from "type-fest";
 import { SafeInjectionToken } from "../../services/injection-tokens";
 
 /**
- * The return type of our dependency helper functions.
+ * The return type of the {@link safeProvider} helper function.
  * Used to distinguish a type safe provider definition from a non-type safe provider definition.
  */
 export type SafeProvider = Opaque<Provider>;
@@ -18,12 +18,22 @@ type MapParametersToDeps<T> = {
 
 type SafeInjectionTokenType<T> = T extends SafeInjectionToken<infer J> ? J : never;
 
+/**
+ * Gets the instance type from a constructor, abstract constructor, or SafeInjectionToken
+ */
+type ProviderInstanceType<T> =
+  T extends SafeInjectionToken<any>
+    ? InstanceType<SafeInjectionTokenType<T>>
+    : T extends Constructor<any> | AbstractConstructor<any>
+      ? InstanceType<T>
+      : never;
+
 /**
  * Represents a dependency provided with the useClass option.
  */
 type SafeClassProvider<
-  A extends AbstractConstructor<any>,
-  I extends Constructor<InstanceType<A>>,
+  A extends AbstractConstructor<any> | SafeInjectionToken<any>,
+  I extends Constructor<ProviderInstanceType<A>>,
   D extends MapParametersToDeps<ConstructorParameters<I>>,
 > = {
   provide: A;
@@ -40,42 +50,41 @@ type SafeValueProvider<A extends SafeInjectionToken<any>, V extends SafeInjectio
 };
 
 /**
- * Represents a dependency provided with the useFactory option where a SafeInjectionToken is used as the token.
+ * Represents a dependency provided with the useFactory option.
  */
-type SafeFactoryProviderWithToken<
-  A extends SafeInjectionToken<any>,
-  I extends (...args: any) => InstanceType<SafeInjectionTokenType<A>>,
-  D extends MapParametersToDeps<Parameters<I>>,
-> = {
-  provide: A;
-  useFactory: I;
-  deps: D;
-};
-
-/**
- * Represents a dependency provided with the useFactory option where an abstract class is used as the token.
- */
-type SafeFactoryProviderWithClass<
-  A extends AbstractConstructor<any>,
-  I extends (...args: any) => InstanceType<A>,
+type SafeFactoryProvider<
+  A extends AbstractConstructor<any> | SafeInjectionToken<any>,
+  I extends (...args: any) => ProviderInstanceType<A>,
   D extends MapParametersToDeps<Parameters<I>>,
 > = {
   provide: A;
   useFactory: I;
   deps: D;
+  multi?: boolean;
 };
 
 /**
  * Represents a dependency provided with the useExisting option.
  */
 type SafeExistingProvider<
-  A extends Constructor<any> | AbstractConstructor<any>,
-  I extends Constructor<InstanceType<A>> | AbstractConstructor<InstanceType<A>>,
+  A extends Constructor<any> | AbstractConstructor<any> | SafeInjectionToken<any>,
+  I extends Constructor<ProviderInstanceType<A>> | AbstractConstructor<ProviderInstanceType<A>>,
 > = {
   provide: A;
   useExisting: I;
 };
 
+/**
+ * Represents a dependency where there is no abstract token, the token is the implementation
+ */
+type SafeConcreteProvider<
+  I extends Constructor<any>,
+  D extends MapParametersToDeps<ConstructorParameters<I>>,
+> = {
+  provide: I;
+  deps: D;
+};
+
 /**
  * A factory function that creates a provider for the ngModule providers array.
  * This guarantees type safety for your provider definition. It does nothing at runtime.
@@ -84,31 +93,30 @@ type SafeExistingProvider<
  */
 export const safeProvider = <
   // types for useClass
-  AClass extends AbstractConstructor<any>,
-  IClass extends Constructor<InstanceType<AClass>>,
+  AClass extends AbstractConstructor<any> | SafeInjectionToken<any>,
+  IClass extends Constructor<ProviderInstanceType<AClass>>,
   DClass extends MapParametersToDeps<ConstructorParameters<IClass>>,
   // types for useValue
   AValue extends SafeInjectionToken<any>,
   VValue extends SafeInjectionTokenType<AValue>,
-  // types for useFactoryWithToken
-  AFactoryToken extends SafeInjectionToken<any>,
-  IFactoryToken extends (...args: any) => InstanceType<SafeInjectionTokenType<AFactoryToken>>,
-  DFactoryToken extends MapParametersToDeps<Parameters<IFactoryToken>>,
-  // types for useFactoryWithClass
-  AFactoryClass extends AbstractConstructor<any>,
-  IFactoryClass extends (...args: any) => InstanceType<AFactoryClass>,
-  DFactoryClass extends MapParametersToDeps<Parameters<IFactoryClass>>,
+  // types for useFactory
+  AFactory extends AbstractConstructor<any> | SafeInjectionToken<any>,
+  IFactory extends (...args: any) => ProviderInstanceType<AFactory>,
+  DFactory extends MapParametersToDeps<Parameters<IFactory>>,
   // types for useExisting
-  AExisting extends Constructor<any> | AbstractConstructor<any>,
+  AExisting extends Constructor<any> | AbstractConstructor<any> | SafeInjectionToken<any>,
   IExisting extends
-    | Constructor<InstanceType<AExisting>>
-    | AbstractConstructor<InstanceType<AExisting>>,
+    | Constructor<ProviderInstanceType<AExisting>>
+    | AbstractConstructor<ProviderInstanceType<AExisting>>,
+  // types for no token
+  IConcrete extends Constructor<any>,
+  DConcrete extends MapParametersToDeps<ConstructorParameters<IConcrete>>,
 >(
   provider:
     | SafeClassProvider<AClass, IClass, DClass>
     | SafeValueProvider<AValue, VValue>
-    | SafeFactoryProviderWithToken<AFactoryToken, IFactoryToken, DFactoryToken>
-    | SafeFactoryProviderWithClass<AFactoryClass, IFactoryClass, DFactoryClass>
+    | SafeFactoryProvider<AFactory, IFactory, DFactory>
     | SafeExistingProvider<AExisting, IExisting>
+    | SafeConcreteProvider<IConcrete, DConcrete>
     | Constructor<unknown>,
 ): SafeProvider => provider as SafeProvider;
diff --git a/libs/angular/src/services/jslib-services.module.ts b/libs/angular/src/services/jslib-services.module.ts
index 24d2ccee61..d54fa52114 100644
--- a/libs/angular/src/services/jslib-services.module.ts
+++ b/libs/angular/src/services/jslib-services.module.ts
@@ -1,5 +1,4 @@
-import { LOCALE_ID, NgModule } from "@angular/core";
-import { UnwrapOpaque } from "type-fest";
+import { ErrorHandler, LOCALE_ID, NgModule } from "@angular/core";
 
 import {
   AuthRequestServiceAbstraction,
@@ -8,6 +7,11 @@ import {
   PinCryptoService,
   LoginStrategyServiceAbstraction,
   LoginStrategyService,
+  LoginEmailServiceAbstraction,
+  LoginEmailService,
+  InternalUserDecryptionOptionsServiceAbstraction,
+  UserDecryptionOptionsService,
+  UserDecryptionOptionsServiceAbstraction,
 } from "@bitwarden/auth/common";
 import { ApiService as ApiServiceAbstraction } from "@bitwarden/common/abstractions/api.service";
 import { AuditService as AuditServiceAbstraction } from "@bitwarden/common/abstractions/audit.service";
@@ -56,7 +60,6 @@ import { DeviceTrustCryptoServiceAbstraction } from "@bitwarden/common/auth/abst
 import { DevicesServiceAbstraction } from "@bitwarden/common/auth/abstractions/devices/devices.service.abstraction";
 import { DevicesApiServiceAbstraction } from "@bitwarden/common/auth/abstractions/devices-api.service.abstraction";
 import { KeyConnectorService as KeyConnectorServiceAbstraction } from "@bitwarden/common/auth/abstractions/key-connector.service";
-import { LoginService as LoginServiceAbstraction } from "@bitwarden/common/auth/abstractions/login.service";
 import { PasswordResetEnrollmentServiceAbstraction } from "@bitwarden/common/auth/abstractions/password-reset-enrollment.service.abstraction";
 import { SsoLoginServiceAbstraction } from "@bitwarden/common/auth/abstractions/sso-login.service.abstraction";
 import { TokenService as TokenServiceAbstraction } from "@bitwarden/common/auth/abstractions/token.service";
@@ -75,7 +78,6 @@ import { DeviceTrustCryptoService } from "@bitwarden/common/auth/services/device
 import { DevicesServiceImplementation } from "@bitwarden/common/auth/services/devices/devices.service.implementation";
 import { DevicesApiServiceImplementation } from "@bitwarden/common/auth/services/devices-api.service.implementation";
 import { KeyConnectorService } from "@bitwarden/common/auth/services/key-connector.service";
-import { LoginService } from "@bitwarden/common/auth/services/login.service";
 import { PasswordResetEnrollmentServiceImplementation } from "@bitwarden/common/auth/services/password-reset-enrollment.service.implementation";
 import { SsoLoginService } from "@bitwarden/common/auth/services/sso-login.service";
 import { TokenService } from "@bitwarden/common/auth/services/token.service";
@@ -108,11 +110,11 @@ import { PaymentMethodWarningsService } from "@bitwarden/common/billing/services
 import { AppIdService as AppIdServiceAbstraction } from "@bitwarden/common/platform/abstractions/app-id.service";
 import { BroadcasterService as BroadcasterServiceAbstraction } from "@bitwarden/common/platform/abstractions/broadcaster.service";
 import { ConfigApiServiceAbstraction } from "@bitwarden/common/platform/abstractions/config/config-api.service.abstraction";
-import { ConfigServiceAbstraction } from "@bitwarden/common/platform/abstractions/config/config.service.abstraction";
+import { ConfigService } from "@bitwarden/common/platform/abstractions/config/config.service";
 import { CryptoFunctionService as CryptoFunctionServiceAbstraction } from "@bitwarden/common/platform/abstractions/crypto-function.service";
 import { CryptoService as CryptoServiceAbstraction } from "@bitwarden/common/platform/abstractions/crypto.service";
 import { EncryptService } from "@bitwarden/common/platform/abstractions/encrypt.service";
-import { EnvironmentService as EnvironmentServiceAbstraction } from "@bitwarden/common/platform/abstractions/environment.service";
+import { EnvironmentService } from "@bitwarden/common/platform/abstractions/environment.service";
 import { FileUploadService as FileUploadServiceAbstraction } from "@bitwarden/common/platform/abstractions/file-upload/file-upload.service";
 import { I18nService as I18nServiceAbstraction } from "@bitwarden/common/platform/abstractions/i18n.service";
 import { KeyGenerationService as KeyGenerationServiceAbstraction } from "@bitwarden/common/platform/abstractions/key-generation.service";
@@ -132,12 +134,12 @@ import { Account } from "@bitwarden/common/platform/models/domain/account";
 import { GlobalState } from "@bitwarden/common/platform/models/domain/global-state";
 import { AppIdService } from "@bitwarden/common/platform/services/app-id.service";
 import { ConfigApiService } from "@bitwarden/common/platform/services/config/config-api.service";
-import { ConfigService } from "@bitwarden/common/platform/services/config/config.service";
+import { DefaultConfigService } from "@bitwarden/common/platform/services/config/default-config.service";
 import { ConsoleLogService } from "@bitwarden/common/platform/services/console-log.service";
 import { CryptoService } from "@bitwarden/common/platform/services/crypto.service";
 import { EncryptServiceImplementation } from "@bitwarden/common/platform/services/cryptography/encrypt.service.implementation";
 import { MultithreadEncryptServiceImplementation } from "@bitwarden/common/platform/services/cryptography/multithread-encrypt.service.implementation";
-import { EnvironmentService } from "@bitwarden/common/platform/services/environment.service";
+import { DefaultEnvironmentService } from "@bitwarden/common/platform/services/default-environment.service";
 import { FileUploadService } from "@bitwarden/common/platform/services/file-upload/file-upload.service";
 import { KeyGenerationService } from "@bitwarden/common/platform/services/key-generation.service";
 import { MigrationBuilderService } from "@bitwarden/common/platform/services/migration-builder.service";
@@ -236,6 +238,7 @@ import { UnauthGuard } from "../auth/guards/unauth.guard";
 import { FormValidationErrorsService as FormValidationErrorsServiceAbstraction } from "../platform/abstractions/form-validation-errors.service";
 import { BroadcasterService } from "../platform/services/broadcaster.service";
 import { FormValidationErrorsService } from "../platform/services/form-validation-errors.service";
+import { LoggingErrorHandler } from "../platform/services/logging-error-handler";
 import { AngularThemingService } from "../platform/services/theming/angular-theming.service";
 import { AbstractThemingService } from "../platform/services/theming/theming.service.abstraction";
 import { safeProvider, SafeProvider } from "../platform/utils/safe-provider";
@@ -243,8 +246,8 @@ import { safeProvider, SafeProvider } from "../platform/utils/safe-provider";
 import {
   LOCALES_DIRECTORY,
   LOCKED_CALLBACK,
-  LOG_MAC_FAILURES,
   LOGOUT_CALLBACK,
+  LOG_MAC_FAILURES,
   MEMORY_STORAGE,
   OBSERVABLE_DISK_STORAGE,
   OBSERVABLE_MEMORY_STORAGE,
@@ -264,7 +267,7 @@ import { ModalService } from "./modal.service";
  * Add your provider definition here using the safeProvider function as a wrapper. This will give you type safety.
  * If you need help please ask for it, do NOT change the type of this array.
  */
-const typesafeProviders: Array<SafeProvider> = [
+const safeProviders: SafeProvider[] = [
   safeProvider(AuthGuard),
   safeProvider(UnauthGuard),
   safeProvider(ModalService),
@@ -342,10 +345,12 @@ const typesafeProviders: Array<SafeProvider> = [
     provide: AuthServiceAbstraction,
     useClass: AuthService,
     deps: [
+      AccountServiceAbstraction,
       MessagingServiceAbstraction,
       CryptoServiceAbstraction,
       ApiServiceAbstraction,
       StateServiceAbstraction,
+      TokenServiceAbstraction,
     ],
   }),
   safeProvider({
@@ -360,7 +365,7 @@ const typesafeProviders: Array<SafeProvider> = [
       MessagingServiceAbstraction,
       LogService,
       KeyConnectorServiceAbstraction,
-      EnvironmentServiceAbstraction,
+      EnvironmentService,
       StateServiceAbstraction,
       TwoFactorServiceAbstraction,
       I18nServiceAbstraction,
@@ -369,6 +374,7 @@ const typesafeProviders: Array<SafeProvider> = [
       PolicyServiceAbstraction,
       DeviceTrustCryptoServiceAbstraction,
       AuthRequestServiceAbstraction,
+      InternalUserDecryptionOptionsServiceAbstraction,
       GlobalStateProvider,
       BillingAccountProfileStateService,
     ],
@@ -395,7 +401,7 @@ const typesafeProviders: Array<SafeProvider> = [
       autofillSettingsService: AutofillSettingsServiceAbstraction,
       encryptService: EncryptService,
       fileUploadService: CipherFileUploadServiceAbstraction,
-      configService: ConfigServiceAbstraction,
+      configService: ConfigService,
       stateProvider: StateProvider,
     ) =>
       new CipherService(
@@ -421,7 +427,7 @@ const typesafeProviders: Array<SafeProvider> = [
       AutofillSettingsServiceAbstraction,
       EncryptService,
       CipherFileUploadServiceAbstraction,
-      ConfigServiceAbstraction,
+      configService,
       StateProvider,
     ],
   }),
@@ -475,10 +481,19 @@ const typesafeProviders: Array<SafeProvider> = [
     deps: [CryptoServiceAbstraction, I18nServiceAbstraction, StateProvider],
   }),
   safeProvider({
-    provide: EnvironmentServiceAbstraction,
-    useClass: EnvironmentService,
+    provide: EnvironmentService,
+    useClass: DefaultEnvironmentService,
     deps: [StateProvider, AccountServiceAbstraction],
   }),
+  safeProvider({
+    provide: InternalUserDecryptionOptionsServiceAbstraction,
+    useClass: UserDecryptionOptionsService,
+    deps: [StateProvider],
+  }),
+  safeProvider({
+    provide: UserDecryptionOptionsServiceAbstraction,
+    useExisting: InternalUserDecryptionOptionsServiceAbstraction,
+  }),
   safeProvider({
     provide: TotpServiceAbstraction,
     useClass: TotpService,
@@ -491,7 +506,10 @@ const typesafeProviders: Array<SafeProvider> = [
       SingleUserStateProvider,
       GlobalStateProvider,
       SUPPORTS_SECURE_STORAGE,
-      AbstractStorageService,
+      SECURE_STORAGE,
+      KeyGenerationServiceAbstraction,
+      EncryptService,
+      LogService,
     ],
   }),
   safeProvider({
@@ -534,7 +552,7 @@ const typesafeProviders: Array<SafeProvider> = [
     deps: [
       TokenServiceAbstraction,
       PlatformUtilsServiceAbstraction,
-      EnvironmentServiceAbstraction,
+      EnvironmentService,
       AppIdServiceAbstraction,
       StateServiceAbstraction,
       LOGOUT_CALLBACK,
@@ -579,6 +597,7 @@ const typesafeProviders: Array<SafeProvider> = [
       FolderApiServiceAbstraction,
       InternalOrganizationServiceAbstraction,
       SendApiServiceAbstraction,
+      UserDecryptionOptionsServiceAbstraction,
       AvatarServiceAbstraction,
       LOGOUT_CALLBACK,
       BillingAccountProfileStateService,
@@ -589,6 +608,7 @@ const typesafeProviders: Array<SafeProvider> = [
     provide: VaultTimeoutSettingsServiceAbstraction,
     useClass: VaultTimeoutSettingsService,
     deps: [
+      UserDecryptionOptionsServiceAbstraction,
       CryptoServiceAbstraction,
       TokenServiceAbstraction,
       PolicyServiceAbstraction,
@@ -634,7 +654,7 @@ const typesafeProviders: Array<SafeProvider> = [
       LogService,
       STATE_FACTORY,
       AccountServiceAbstraction,
-      EnvironmentServiceAbstraction,
+      EnvironmentService,
       TokenServiceAbstraction,
       MigrationRunner,
       STATE_SERVICE_USE_CACHE,
@@ -698,7 +718,7 @@ const typesafeProviders: Array<SafeProvider> = [
       SyncServiceAbstraction,
       AppIdServiceAbstraction,
       ApiServiceAbstraction,
-      EnvironmentServiceAbstraction,
+      EnvironmentService,
       LOGOUT_CALLBACK,
       StateServiceAbstraction,
       AuthServiceAbstraction,
@@ -749,7 +769,6 @@ const typesafeProviders: Array<SafeProvider> = [
     provide: KeyConnectorServiceAbstraction,
     useClass: KeyConnectorService,
     deps: [
-      StateServiceAbstraction,
       CryptoServiceAbstraction,
       ApiServiceAbstraction,
       TokenServiceAbstraction,
@@ -757,6 +776,7 @@ const typesafeProviders: Array<SafeProvider> = [
       OrganizationServiceAbstraction,
       KeyGenerationServiceAbstraction,
       LOGOUT_CALLBACK,
+      StateProvider,
     ],
   }),
   safeProvider({
@@ -767,6 +787,7 @@ const typesafeProviders: Array<SafeProvider> = [
       CryptoServiceAbstraction,
       I18nServiceAbstraction,
       UserVerificationApiServiceAbstraction,
+      UserDecryptionOptionsServiceAbstraction,
       PinCryptoServiceAbstraction,
       LogService,
       VaultTimeoutSettingsServiceAbstraction,
@@ -833,29 +854,23 @@ const typesafeProviders: Array<SafeProvider> = [
     deps: [],
   }),
   safeProvider({
-    provide: ConfigService,
-    useClass: ConfigService,
-    deps: [
-      StateServiceAbstraction,
-      ConfigApiServiceAbstraction,
-      AuthServiceAbstraction,
-      EnvironmentServiceAbstraction,
-      LogService,
-    ],
+    provide: DefaultConfigService,
+    useClass: DefaultConfigService,
+    deps: [ConfigApiServiceAbstraction, EnvironmentService, LogService, StateProvider],
   }),
   safeProvider({
-    provide: ConfigServiceAbstraction,
-    useExisting: ConfigService,
+    provide: ConfigService,
+    useExisting: DefaultConfigService,
   }),
   safeProvider({
     provide: ConfigApiServiceAbstraction,
     useClass: ConfigApiService,
-    deps: [ApiServiceAbstraction, AuthServiceAbstraction],
+    deps: [ApiServiceAbstraction, TokenServiceAbstraction],
   }),
   safeProvider({
     provide: AnonymousHubServiceAbstraction,
     useClass: AnonymousHubService,
-    deps: [EnvironmentServiceAbstraction, LoginStrategyServiceAbstraction, LogService],
+    deps: [EnvironmentService, AuthRequestServiceAbstraction],
   }),
   safeProvider({
     provide: ValidationServiceAbstraction,
@@ -863,9 +878,9 @@ const typesafeProviders: Array<SafeProvider> = [
     deps: [I18nServiceAbstraction, PlatformUtilsServiceAbstraction],
   }),
   safeProvider({
-    provide: LoginServiceAbstraction,
-    useClass: LoginService,
-    deps: [StateServiceAbstraction],
+    provide: LoginEmailServiceAbstraction,
+    useClass: LoginEmailService,
+    deps: [StateProvider],
   }),
   safeProvider({
     provide: OrgDomainInternalServiceAbstraction,
@@ -899,11 +914,13 @@ const typesafeProviders: Array<SafeProvider> = [
       CryptoFunctionServiceAbstraction,
       CryptoServiceAbstraction,
       EncryptService,
-      StateServiceAbstraction,
       AppIdServiceAbstraction,
       DevicesApiServiceAbstraction,
       I18nServiceAbstraction,
       PlatformUtilsServiceAbstraction,
+      StateProvider,
+      SECURE_STORAGE,
+      UserDecryptionOptionsServiceAbstraction,
     ],
   }),
   safeProvider({
@@ -934,7 +951,7 @@ const typesafeProviders: Array<SafeProvider> = [
   safeProvider({
     provide: WebAuthnLoginApiServiceAbstraction,
     useClass: WebAuthnLoginApiService,
-    deps: [ApiServiceAbstraction, EnvironmentServiceAbstraction],
+    deps: [ApiServiceAbstraction, EnvironmentService],
   }),
   safeProvider({
     provide: WebAuthnLoginServiceAbstraction,
@@ -1050,13 +1067,18 @@ const typesafeProviders: Array<SafeProvider> = [
   safeProvider({
     provide: BillingAccountProfileStateService,
     useClass: DefaultBillingAccountProfileStateService,
-    deps: [ActiveUserStateProvider],
+    deps: [StateProvider],
   }),
   safeProvider({
     provide: OrganizationManagementPreferencesService,
     useClass: DefaultOrganizationManagementPreferencesService,
     deps: [StateProvider],
   }),
+  safeProvider({
+    provide: ErrorHandler,
+    useClass: LoggingErrorHandler,
+    deps: [],
+  }),
 ];
 
 function encryptServiceFactory(
@@ -1072,6 +1094,6 @@ function encryptServiceFactory(
 @NgModule({
   declarations: [],
   // Do not register your dependency here! Add it to the typesafeProviders array using the helper function
-  providers: typesafeProviders as UnwrapOpaque<SafeProvider>[],
+  providers: safeProviders,
 })
 export class JslibServicesModule {}
diff --git a/libs/angular/src/tools/send/add-edit.component.ts b/libs/angular/src/tools/send/add-edit.component.ts
index dafac1e92b..da859e50bf 100644
--- a/libs/angular/src/tools/send/add-edit.component.ts
+++ b/libs/angular/src/tools/send/add-edit.component.ts
@@ -1,7 +1,7 @@
 import { DatePipe } from "@angular/common";
 import { Directive, EventEmitter, Input, OnDestroy, OnInit, Output } from "@angular/core";
 import { FormBuilder, Validators } from "@angular/forms";
-import { BehaviorSubject, Subject, concatMap, firstValueFrom, map, takeUntil } from "rxjs";
+import { Subject, firstValueFrom, takeUntil, map, BehaviorSubject, concatMap } from "rxjs";
 
 import { PolicyService } from "@bitwarden/common/admin-console/abstractions/policy/policy.service.abstraction";
 import { PolicyType } from "@bitwarden/common/admin-console/enums";
@@ -123,7 +123,6 @@ export class AddEditComponent implements OnInit, OnDestroy {
       { name: i18nService.t("sendTypeFile"), value: SendType.File, premium: true },
       { name: i18nService.t("sendTypeText"), value: SendType.Text, premium: false },
     ];
-    this.sendLinkBaseUrl = this.environmentService.getSendUrl();
   }
 
   get link(): string {
@@ -190,6 +189,9 @@ export class AddEditComponent implements OnInit, OnDestroy {
         }
       });
 
+    const env = await firstValueFrom(this.environmentService.environment$);
+    this.sendLinkBaseUrl = env.getSendUrl();
+
     this.billingAccountProfileStateService.hasPremiumFromAnySource$
       .pipe(takeUntil(this.destroy$))
       .subscribe((hasPremiumFromAnySource) => {
diff --git a/libs/angular/src/tools/send/send.component.ts b/libs/angular/src/tools/send/send.component.ts
index 553f0e6f89..b3b871a177 100644
--- a/libs/angular/src/tools/send/send.component.ts
+++ b/libs/angular/src/tools/send/send.component.ts
@@ -1,5 +1,5 @@
 import { Directive, NgZone, OnDestroy, OnInit } from "@angular/core";
-import { Subject, takeUntil } from "rxjs";
+import { Subject, firstValueFrom, takeUntil } from "rxjs";
 
 import { SearchService } from "@bitwarden/common/abstractions/search.service";
 import { PolicyService } from "@bitwarden/common/admin-console/abstractions/policy/policy.service.abstraction";
@@ -198,9 +198,9 @@ export class SendComponent implements OnInit, OnDestroy {
     return true;
   }
 
-  copy(s: SendView) {
-    const sendLinkBaseUrl = this.environmentService.getSendUrl();
-    const link = sendLinkBaseUrl + s.accessId + "/" + s.urlB64Key;
+  async copy(s: SendView) {
+    const env = await firstValueFrom(this.environmentService.environment$);
+    const link = env.getSendUrl() + s.accessId + "/" + s.urlB64Key;
     this.platformUtilsService.copyToClipboard(link);
     this.platformUtilsService.showToast(
       "success",
diff --git a/libs/angular/src/vault/components/add-edit.component.ts b/libs/angular/src/vault/components/add-edit.component.ts
index ee7830ea08..6a1ab63703 100644
--- a/libs/angular/src/vault/components/add-edit.component.ts
+++ b/libs/angular/src/vault/components/add-edit.component.ts
@@ -14,7 +14,7 @@ import { Organization } from "@bitwarden/common/admin-console/models/domain/orga
 import { EventType } from "@bitwarden/common/enums";
 import { FeatureFlag } from "@bitwarden/common/enums/feature-flag.enum";
 import { UriMatchStrategy } from "@bitwarden/common/models/domain/domain-service";
-import { ConfigServiceAbstraction } from "@bitwarden/common/platform/abstractions/config/config.service.abstraction";
+import { ConfigService } from "@bitwarden/common/platform/abstractions/config/config.service";
 import { I18nService } from "@bitwarden/common/platform/abstractions/i18n.service";
 import { LogService } from "@bitwarden/common/platform/abstractions/log.service";
 import { MessagingService } from "@bitwarden/common/platform/abstractions/messaging.service";
@@ -119,7 +119,7 @@ export class AddEditComponent implements OnInit, OnDestroy {
     protected dialogService: DialogService,
     protected win: Window,
     protected datePipe: DatePipe,
-    protected configService: ConfigServiceAbstraction,
+    protected configService: ConfigService,
   ) {
     this.typeOptions = [
       { name: i18nService.t("typeLogin"), value: CipherType.Login },
@@ -402,6 +402,14 @@ export class AddEditComponent implements OnInit, OnDestroy {
     }
   }
 
+  removePasskey() {
+    if (this.cipher.type !== CipherType.Login || this.cipher.login.fido2Credentials == null) {
+      return;
+    }
+
+    this.cipher.login.fido2Credentials = null;
+  }
+
   onCardNumberChange(): void {
     this.cipher.card.brand = CardView.getCardBrandByPatterns(this.cipher.card.number);
   }
@@ -650,11 +658,11 @@ export class AddEditComponent implements OnInit, OnDestroy {
 
   protected saveCipher(cipher: Cipher) {
     const isNotClone = this.editMode && !this.cloneMode;
-    let orgAdmin = this.organization?.isAdmin;
+    let orgAdmin = this.organization?.canEditAllCiphers(this.flexibleCollectionsV1Enabled);
 
-    if (this.flexibleCollectionsV1Enabled) {
-      // Flexible Collections V1 restricts admins, check the organization setting via canEditAllCiphers
-      orgAdmin = this.organization?.canEditAllCiphers(true);
+    // if a cipher is unassigned we want to check if they are an admin or have permission to edit any collection
+    if (!cipher.collectionIds) {
+      orgAdmin = this.organization?.canEditAnyCollection;
     }
 
     return this.cipher.id == null
diff --git a/libs/angular/src/vault/components/icon.component.ts b/libs/angular/src/vault/components/icon.component.ts
index 8323c55d4e..a11be71638 100644
--- a/libs/angular/src/vault/components/icon.component.ts
+++ b/libs/angular/src/vault/components/icon.component.ts
@@ -39,11 +39,12 @@ export class IconComponent implements OnInit {
   ) {}
 
   async ngOnInit() {
-    const iconsUrl = this.environmentService.getIconsUrl();
-
     this.data$ = combineLatest([
+      this.environmentService.environment$.pipe(map((e) => e.getIconsUrl())),
       this.domainSettingsService.showFavicons$.pipe(distinctUntilChanged()),
       this.cipher$.pipe(filter((c) => c !== undefined)),
-    ]).pipe(map(([showFavicon, cipher]) => buildCipherIcon(iconsUrl, cipher, showFavicon)));
+    ]).pipe(
+      map(([iconsUrl, showFavicon, cipher]) => buildCipherIcon(iconsUrl, cipher, showFavicon)),
+    );
   }
 }
diff --git a/libs/angular/src/vault/components/premium.component.ts b/libs/angular/src/vault/components/premium.component.ts
index 974a2b6cdd..ea38be66e4 100644
--- a/libs/angular/src/vault/components/premium.component.ts
+++ b/libs/angular/src/vault/components/premium.component.ts
@@ -1,5 +1,5 @@
-import { Directive } from "@angular/core";
-import { Observable, Subject } from "rxjs";
+import { OnInit, Directive } from "@angular/core";
+import { firstValueFrom, Observable } from "rxjs";
 
 import { ApiService } from "@bitwarden/common/abstractions/api.service";
 import { BillingAccountProfileStateService } from "@bitwarden/common/billing/abstractions/account/billing-account-profile-state.service";
@@ -11,12 +11,11 @@ import { StateService } from "@bitwarden/common/platform/abstractions/state.serv
 import { DialogService } from "@bitwarden/components";
 
 @Directive()
-export class PremiumComponent {
+export class PremiumComponent implements OnInit {
   isPremium$: Observable<boolean>;
   price = 10;
   refreshPromise: Promise<any>;
   cloudWebVaultUrl: string;
-  private directiveIsDestroyed$ = new Subject<boolean>();
 
   constructor(
     protected i18nService: I18nService,
@@ -25,13 +24,16 @@ export class PremiumComponent {
     private logService: LogService,
     protected stateService: StateService,
     protected dialogService: DialogService,
-    environmentService: EnvironmentService,
+    private environmentService: EnvironmentService,
     billingAccountProfileStateService: BillingAccountProfileStateService,
   ) {
-    this.cloudWebVaultUrl = environmentService.getCloudWebVaultUrl();
     this.isPremium$ = billingAccountProfileStateService.hasPremiumFromAnySource$;
   }
 
+  async ngOnInit() {
+    this.cloudWebVaultUrl = await firstValueFrom(this.environmentService.cloudWebVaultUrl$);
+  }
+
   async refresh() {
     try {
       this.refreshPromise = this.apiService.refreshIdentityToken();
diff --git a/libs/auth/src/angular/user-verification/user-verification-dialog.component.html b/libs/auth/src/angular/user-verification/user-verification-dialog.component.html
index 66e006d945..aa4d26ae61 100644
--- a/libs/auth/src/angular/user-verification/user-verification-dialog.component.html
+++ b/libs/auth/src/angular/user-verification/user-verification-dialog.component.html
@@ -18,12 +18,12 @@
           {{ dialogOptions.bodyText | i18n }}
         </p>
 
-        <app-callout
+        <bit-callout
           *ngIf="dialogOptions.calloutOptions"
           [type]="dialogOptions.calloutOptions.type"
         >
           {{ dialogOptions.calloutOptions.text | i18n }}
-        </app-callout>
+        </bit-callout>
       </ng-container>
 
       <!-- Shown when client side verification methods picked and no verification methods found -->
diff --git a/libs/auth/src/angular/user-verification/user-verification-dialog.component.ts b/libs/auth/src/angular/user-verification/user-verification-dialog.component.ts
index d3a8947352..7b2c869e3a 100644
--- a/libs/auth/src/angular/user-verification/user-verification-dialog.component.ts
+++ b/libs/auth/src/angular/user-verification/user-verification-dialog.component.ts
@@ -12,6 +12,7 @@ import { PlatformUtilsService } from "@bitwarden/common/platform/abstractions/pl
 import {
   AsyncActionsModule,
   ButtonModule,
+  CalloutModule,
   DialogModule,
   DialogService,
 } from "@bitwarden/components";
@@ -34,6 +35,7 @@ import { UserVerificationFormInputComponent } from "./user-verification-form-inp
     DialogModule,
     AsyncActionsModule,
     UserVerificationFormInputComponent,
+    CalloutModule,
   ],
 })
 export class UserVerificationDialogComponent {
diff --git a/libs/auth/src/angular/user-verification/user-verification-dialog.types.ts b/libs/auth/src/angular/user-verification/user-verification-dialog.types.ts
index 2480162f86..f4637c770a 100644
--- a/libs/auth/src/angular/user-verification/user-verification-dialog.types.ts
+++ b/libs/auth/src/angular/user-verification/user-verification-dialog.types.ts
@@ -11,9 +11,9 @@ export type UserVerificationCalloutOptions = {
 
   /**
    * The type of the callout.
-   * Can be "warning", "danger", "error", or "tip".
+   * Can be "warning", "danger", "info", or "success".
    */
-  type: "warning" | "danger" | "error" | "tip";
+  type: "warning" | "danger" | "info" | "success";
 };
 
 /**
diff --git a/libs/auth/src/angular/user-verification/user-verification-form-input.component.html b/libs/auth/src/angular/user-verification/user-verification-form-input.component.html
index afc99b32cb..f532a3b23f 100644
--- a/libs/auth/src/angular/user-verification/user-verification-form-input.component.html
+++ b/libs/auth/src/angular/user-verification/user-verification-form-input.component.html
@@ -49,12 +49,12 @@
         </div>
       </div>
 
-      <app-callout type="error" *ngIf="biometricsVerificationFailed">
+      <bit-callout type="danger" *ngIf="biometricsVerificationFailed">
         {{ "couldNotCompleteBiometrics" | i18n }}
         <button bitLink type="button" linkType="primary" (click)="verifyUserViaBiometrics()">
           {{ "tryAgain" | i18n }}
         </button>
-      </app-callout>
+      </bit-callout>
     </ng-container>
 
     <!-- Alternate verification options if user has more than 1 -->
diff --git a/libs/auth/src/angular/user-verification/user-verification-form-input.component.ts b/libs/auth/src/angular/user-verification/user-verification-form-input.component.ts
index 4f216a76e8..8cb40d9452 100644
--- a/libs/auth/src/angular/user-verification/user-verification-form-input.component.ts
+++ b/libs/auth/src/angular/user-verification/user-verification-form-input.component.ts
@@ -20,6 +20,7 @@ import { Utils } from "@bitwarden/common/platform/misc/utils";
 import {
   AsyncActionsModule,
   ButtonModule,
+  CalloutModule,
   FormFieldModule,
   IconButtonModule,
   IconModule,
@@ -62,6 +63,7 @@ import { ActiveClientVerificationOption } from "./active-client-verification-opt
     IconModule,
     LinkModule,
     ButtonModule,
+    CalloutModule,
   ],
 })
 // eslint-disable-next-line rxjs-angular/prefer-takeuntil
diff --git a/libs/auth/src/common/abstractions/auth-request.service.abstraction.ts b/libs/auth/src/common/abstractions/auth-request.service.abstraction.ts
index b91444d3e6..7af92fc8f8 100644
--- a/libs/auth/src/common/abstractions/auth-request.service.abstraction.ts
+++ b/libs/auth/src/common/abstractions/auth-request.service.abstraction.ts
@@ -1,7 +1,12 @@
+import { Observable } from "rxjs";
+
 import { AuthRequestResponse } from "@bitwarden/common/auth/models/response/auth-request.response";
+import { AuthRequestPushNotification } from "@bitwarden/common/models/response/notification.response";
 import { UserKey, MasterKey } from "@bitwarden/common/types/key";
 
 export abstract class AuthRequestServiceAbstraction {
+  /** Emits an auth request id when an auth request has been approved. */
+  authRequestPushNotification$: Observable<string>;
   /**
    * Approve or deny an auth request.
    * @param approve True to approve, false to deny.
@@ -54,4 +59,11 @@ export abstract class AuthRequestServiceAbstraction {
     pubKeyEncryptedMasterKeyHash: string,
     privateKey: ArrayBuffer,
   ) => Promise<{ masterKey: MasterKey; masterKeyHash: string }>;
+
+  /**
+   * Handles incoming auth request push notifications.
+   * @param notification push notification.
+   * @remark We should only be receiving approved push notifications to prevent enumeration.
+   */
+  abstract sendAuthRequestPushNotification: (notification: AuthRequestPushNotification) => void;
 }
diff --git a/libs/auth/src/common/abstractions/index.ts b/libs/auth/src/common/abstractions/index.ts
index c4b5bed128..71280b72f6 100644
--- a/libs/auth/src/common/abstractions/index.ts
+++ b/libs/auth/src/common/abstractions/index.ts
@@ -1,3 +1,5 @@
 export * from "./pin-crypto.service.abstraction";
+export * from "./login-email.service";
 export * from "./login-strategy.service";
+export * from "./user-decryption-options.service.abstraction";
 export * from "./auth-request.service.abstraction";
diff --git a/libs/auth/src/common/abstractions/login-email.service.ts b/libs/auth/src/common/abstractions/login-email.service.ts
new file mode 100644
index 0000000000..89165af543
--- /dev/null
+++ b/libs/auth/src/common/abstractions/login-email.service.ts
@@ -0,0 +1,38 @@
+import { Observable } from "rxjs";
+
+export abstract class LoginEmailServiceAbstraction {
+  /**
+   * An observable that monitors the storedEmail
+   */
+  storedEmail$: Observable<string>;
+  /**
+   * Gets the current email being used in the login process.
+   * @returns A string of the email.
+   */
+  getEmail: () => string;
+  /**
+   * Sets the current email being used in the login process.
+   * @param email The email to be set.
+   */
+  setEmail: (email: string) => void;
+  /**
+   * Gets whether or not the email should be stored on disk.
+   * @returns A boolean stating whether or not the email should be stored on disk.
+   */
+  getRememberEmail: () => boolean;
+  /**
+   * Sets whether or not the email should be stored on disk.
+   */
+  setRememberEmail: (value: boolean) => void;
+  /**
+   * Sets the email and rememberEmail properties to null.
+   */
+  clearValues: () => void;
+  /**
+   * - If rememberEmail is true, sets the storedEmail on disk to the current email.
+   * - If rememberEmail is false, sets the storedEmail on disk to null.
+   * - Then sets the email and rememberEmail properties to null.
+   * @returns A promise that resolves once the email settings are saved.
+   */
+  saveEmailSettings: () => Promise<void>;
+}
diff --git a/libs/auth/src/common/abstractions/login-strategy.service.ts b/libs/auth/src/common/abstractions/login-strategy.service.ts
index e3ed63c737..eae6dc2a27 100644
--- a/libs/auth/src/common/abstractions/login-strategy.service.ts
+++ b/libs/auth/src/common/abstractions/login-strategy.service.ts
@@ -4,7 +4,6 @@ import { AuthenticationType } from "@bitwarden/common/auth/enums/authentication-
 import { AuthResult } from "@bitwarden/common/auth/models/domain/auth-result";
 import { TokenTwoFactorRequest } from "@bitwarden/common/auth/models/request/identity-token/token-two-factor.request";
 import { AuthRequestResponse } from "@bitwarden/common/auth/models/response/auth-request.response";
-import { AuthRequestPushNotification } from "@bitwarden/common/models/response/notification.response";
 import { MasterKey } from "@bitwarden/common/types/key";
 
 import {
@@ -21,10 +20,6 @@ export abstract class LoginStrategyServiceAbstraction {
    * Emits null if the session has timed out.
    */
   currentAuthType$: Observable<AuthenticationType | null>;
-  /**
-   * Emits when an auth request has been approved.
-   */
-  authRequestPushNotification$: Observable<string>;
   /**
    * If the login strategy uses the email address of the user, this
    * will return it. Otherwise, it will return null.
@@ -77,10 +72,6 @@ export abstract class LoginStrategyServiceAbstraction {
    * Creates a master key from the provided master password and email.
    */
   makePreloginKey: (masterPassword: string, email: string) => Promise<MasterKey>;
-  /**
-   * Sends a notification to {@link LoginStrategyServiceAbstraction.authRequestPushNotification}
-   */
-  sendAuthRequestPushNotification: (notification: AuthRequestPushNotification) => Promise<void>;
   /**
    * Sends a response to an auth request.
    */
diff --git a/libs/auth/src/common/abstractions/user-decryption-options.service.abstraction.ts b/libs/auth/src/common/abstractions/user-decryption-options.service.abstraction.ts
new file mode 100644
index 0000000000..e46fb09cff
--- /dev/null
+++ b/libs/auth/src/common/abstractions/user-decryption-options.service.abstraction.ts
@@ -0,0 +1,34 @@
+import { Observable } from "rxjs";
+
+import { UserDecryptionOptions } from "../models";
+
+export abstract class UserDecryptionOptionsServiceAbstraction {
+  /**
+   * Returns what decryption options are available for the current user.
+   * @remark This is sent from the server on authentication.
+   */
+  abstract userDecryptionOptions$: Observable<UserDecryptionOptions>;
+  /**
+   * Uses user decryption options to determine if current user has a master password.
+   * @remark This is sent from the server, and does not indicate if the master password
+   * was used to login and/or if a master key is saved locally.
+   */
+  abstract hasMasterPassword$: Observable<boolean>;
+
+  /**
+   * Returns the user decryption options for the given user id.
+   * @param userId The user id to check.
+   */
+  abstract userDecryptionOptionsById$(userId: string): Observable<UserDecryptionOptions>;
+}
+
+export abstract class InternalUserDecryptionOptionsServiceAbstraction extends UserDecryptionOptionsServiceAbstraction {
+  /**
+   * Sets the current decryption options for the user, contains the current configuration
+   * of the users account related to how they can decrypt their vault.
+   * @remark Intended to be used when user decryption options are received from server, does
+   * not update the server. Consider syncing instead of updating locally.
+   * @param userDecryptionOptions Current user decryption options received from server.
+   */
+  abstract setUserDecryptionOptions(userDecryptionOptions: UserDecryptionOptions): Promise<void>;
+}
diff --git a/libs/auth/src/common/login-strategies/auth-request-login.strategy.spec.ts b/libs/auth/src/common/login-strategies/auth-request-login.strategy.spec.ts
index 18ac9f0bf7..53722cd259 100644
--- a/libs/auth/src/common/login-strategies/auth-request-login.strategy.spec.ts
+++ b/libs/auth/src/common/login-strategies/auth-request-login.strategy.spec.ts
@@ -17,6 +17,7 @@ import { SymmetricCryptoKey } from "@bitwarden/common/platform/models/domain/sym
 import { CsprngArray } from "@bitwarden/common/types/csprng";
 import { MasterKey, UserKey } from "@bitwarden/common/types/key";
 
+import { InternalUserDecryptionOptionsServiceAbstraction } from "../abstractions/user-decryption-options.service.abstraction";
 import { AuthRequestLoginCredentials } from "../models/domain/login-credentials";
 
 import {
@@ -37,6 +38,7 @@ describe("AuthRequestLoginStrategy", () => {
   let logService: MockProxy<LogService>;
   let stateService: MockProxy<StateService>;
   let twoFactorService: MockProxy<TwoFactorService>;
+  let userDecryptionOptions: MockProxy<InternalUserDecryptionOptionsServiceAbstraction>;
   let deviceTrustCryptoService: MockProxy<DeviceTrustCryptoServiceAbstraction>;
   let billingAccountProfileStateService: MockProxy<BillingAccountProfileStateService>;
 
@@ -65,6 +67,7 @@ describe("AuthRequestLoginStrategy", () => {
     logService = mock<LogService>();
     stateService = mock<StateService>();
     twoFactorService = mock<TwoFactorService>();
+    userDecryptionOptions = mock<InternalUserDecryptionOptionsServiceAbstraction>();
     deviceTrustCryptoService = mock<DeviceTrustCryptoServiceAbstraction>();
     billingAccountProfileStateService = mock<BillingAccountProfileStateService>();
 
@@ -83,6 +86,7 @@ describe("AuthRequestLoginStrategy", () => {
       logService,
       stateService,
       twoFactorService,
+      userDecryptionOptions,
       deviceTrustCryptoService,
       billingAccountProfileStateService,
     );
diff --git a/libs/auth/src/common/login-strategies/auth-request-login.strategy.ts b/libs/auth/src/common/login-strategies/auth-request-login.strategy.ts
index 09312226d8..31a0cebbfe 100644
--- a/libs/auth/src/common/login-strategies/auth-request-login.strategy.ts
+++ b/libs/auth/src/common/login-strategies/auth-request-login.strategy.ts
@@ -16,7 +16,9 @@ import { LogService } from "@bitwarden/common/platform/abstractions/log.service"
 import { MessagingService } from "@bitwarden/common/platform/abstractions/messaging.service";
 import { PlatformUtilsService } from "@bitwarden/common/platform/abstractions/platform-utils.service";
 import { StateService } from "@bitwarden/common/platform/abstractions/state.service";
+import { UserId } from "@bitwarden/common/types/guid";
 
+import { InternalUserDecryptionOptionsServiceAbstraction } from "../abstractions/user-decryption-options.service.abstraction";
 import { AuthRequestLoginCredentials } from "../models/domain/login-credentials";
 import { CacheData } from "../services/login-strategies/login-strategy.state";
 
@@ -54,6 +56,7 @@ export class AuthRequestLoginStrategy extends LoginStrategy {
     logService: LogService,
     stateService: StateService,
     twoFactorService: TwoFactorService,
+    userDecryptionOptionsService: InternalUserDecryptionOptionsServiceAbstraction,
     private deviceTrustCryptoService: DeviceTrustCryptoServiceAbstraction,
     billingAccountProfileStateService: BillingAccountProfileStateService,
   ) {
@@ -67,6 +70,7 @@ export class AuthRequestLoginStrategy extends LoginStrategy {
       logService,
       stateService,
       twoFactorService,
+      userDecryptionOptionsService,
       billingAccountProfileStateService,
     );
 
@@ -125,8 +129,10 @@ export class AuthRequestLoginStrategy extends LoginStrategy {
       await this.cryptoService.setUserKey(authRequestCredentials.decryptedUserKey);
     } else {
       await this.trySetUserKeyWithMasterKey();
+
+      const userId = (await this.stateService.getUserId()) as UserId;
       // Establish trust if required after setting user key
-      await this.deviceTrustCryptoService.trustDeviceIfRequired();
+      await this.deviceTrustCryptoService.trustDeviceIfRequired(userId);
     }
   }
 
diff --git a/libs/auth/src/common/login-strategies/login.strategy.spec.ts b/libs/auth/src/common/login-strategies/login.strategy.spec.ts
index 6f3d480f20..0ac22047c5 100644
--- a/libs/auth/src/common/login-strategies/login.strategy.spec.ts
+++ b/libs/auth/src/common/login-strategies/login.strategy.spec.ts
@@ -28,7 +28,6 @@ import {
   AccountProfile,
   AccountTokens,
   AccountKeys,
-  AccountDecryptionOptions,
 } from "@bitwarden/common/platform/models/domain/account";
 import { EncString } from "@bitwarden/common/platform/models/domain/enc-string";
 import { SymmetricCryptoKey } from "@bitwarden/common/platform/models/domain/symmetric-crypto-key";
@@ -37,10 +36,12 @@ import {
   PasswordStrengthService,
 } from "@bitwarden/common/tools/password-strength";
 import { CsprngArray } from "@bitwarden/common/types/csprng";
-import { UserKey, MasterKey, DeviceKey } from "@bitwarden/common/types/key";
+import { UserKey, MasterKey } from "@bitwarden/common/types/key";
 
-import { LoginStrategyServiceAbstraction } from "../abstractions/login-strategy.service";
-import { PasswordLoginCredentials } from "../models/domain/login-credentials";
+import { LoginStrategyServiceAbstraction } from "../abstractions";
+import { InternalUserDecryptionOptionsServiceAbstraction } from "../abstractions/user-decryption-options.service.abstraction";
+import { PasswordLoginCredentials } from "../models";
+import { UserDecryptionOptions } from "../models/domain/user-decryption-options";
 
 import { PasswordLoginStrategy, PasswordLoginStrategyData } from "./password-login.strategy";
 
@@ -108,6 +109,7 @@ describe("LoginStrategy", () => {
   let logService: MockProxy<LogService>;
   let stateService: MockProxy<StateService>;
   let twoFactorService: MockProxy<TwoFactorService>;
+  let userDecryptionOptionsService: MockProxy<InternalUserDecryptionOptionsServiceAbstraction>;
   let policyService: MockProxy<PolicyService>;
   let passwordStrengthService: MockProxy<PasswordStrengthServiceAbstraction>;
   let billingAccountProfileStateService: MockProxy<BillingAccountProfileStateService>;
@@ -126,7 +128,7 @@ describe("LoginStrategy", () => {
     logService = mock<LogService>();
     stateService = mock<StateService>();
     twoFactorService = mock<TwoFactorService>();
-
+    userDecryptionOptionsService = mock<InternalUserDecryptionOptionsServiceAbstraction>();
     policyService = mock<PolicyService>();
     passwordStrengthService = mock<PasswordStrengthService>();
     billingAccountProfileStateService = mock<BillingAccountProfileStateService>();
@@ -146,6 +148,7 @@ describe("LoginStrategy", () => {
       logService,
       stateService,
       twoFactorService,
+      userDecryptionOptionsService,
       passwordStrengthService,
       policyService,
       loginStrategyService,
@@ -183,9 +186,9 @@ describe("LoginStrategy", () => {
 
       expect(tokenService.setTokens).toHaveBeenCalledWith(
         accessToken,
-        refreshToken,
         mockVaultTimeoutAction,
         mockVaultTimeout,
+        refreshToken,
       );
 
       expect(stateService.addAccount).toHaveBeenCalledWith(
@@ -204,33 +207,12 @@ describe("LoginStrategy", () => {
             ...new AccountTokens(),
           },
           keys: new AccountKeys(),
-          decryptionOptions: AccountDecryptionOptions.fromResponse(idTokenResponse),
         }),
       );
-      expect(messagingService.send).toHaveBeenCalledWith("loggedIn");
-    });
-
-    it("persists a device key for trusted device encryption when it exists on login", async () => {
-      // Arrange
-      const idTokenResponse = identityTokenResponseFactory();
-      apiService.postIdentityToken.mockResolvedValue(idTokenResponse);
-
-      const deviceKey = new SymmetricCryptoKey(
-        new Uint8Array(userKeyBytesLength).buffer as CsprngArray,
-      ) as DeviceKey;
-
-      stateService.getDeviceKey.mockResolvedValue(deviceKey);
-
-      const accountKeys = new AccountKeys();
-      accountKeys.deviceKey = deviceKey;
-
-      // Act
-      await passwordLoginStrategy.logIn(credentials);
-
-      // Assert
-      expect(stateService.addAccount).toHaveBeenCalledWith(
-        expect.objectContaining({ keys: accountKeys }),
+      expect(userDecryptionOptionsService.setUserDecryptionOptions).toHaveBeenCalledWith(
+        UserDecryptionOptions.fromResponse(idTokenResponse),
       );
+      expect(messagingService.send).toHaveBeenCalledWith("loggedIn");
     });
 
     it("builds AuthResult", async () => {
@@ -409,6 +391,7 @@ describe("LoginStrategy", () => {
         logService,
         stateService,
         twoFactorService,
+        userDecryptionOptionsService,
         passwordStrengthService,
         policyService,
         loginStrategyService,
diff --git a/libs/auth/src/common/login-strategies/login.strategy.ts b/libs/auth/src/common/login-strategies/login.strategy.ts
index f5f28dd044..4fe99b276c 100644
--- a/libs/auth/src/common/login-strategies/login.strategy.ts
+++ b/libs/auth/src/common/login-strategies/login.strategy.ts
@@ -26,13 +26,12 @@ import { MessagingService } from "@bitwarden/common/platform/abstractions/messag
 import { PlatformUtilsService } from "@bitwarden/common/platform/abstractions/platform-utils.service";
 import { StateService } from "@bitwarden/common/platform/abstractions/state.service";
 import {
-  AccountKeys,
   Account,
   AccountProfile,
   AccountTokens,
-  AccountDecryptionOptions,
 } from "@bitwarden/common/platform/models/domain/account";
 
+import { InternalUserDecryptionOptionsServiceAbstraction } from "../abstractions/user-decryption-options.service.abstraction";
 import {
   UserApiLoginCredentials,
   PasswordLoginCredentials,
@@ -40,6 +39,7 @@ import {
   AuthRequestLoginCredentials,
   WebAuthnLoginCredentials,
 } from "../models/domain/login-credentials";
+import { UserDecryptionOptions } from "../models/domain/user-decryption-options";
 import { CacheData } from "../services/login-strategies/login-strategy.state";
 
 type IdentityResponse = IdentityTokenResponse | IdentityTwoFactorResponse | IdentityCaptchaResponse;
@@ -69,6 +69,7 @@ export abstract class LoginStrategy {
     protected logService: LogService,
     protected stateService: StateService,
     protected twoFactorService: TwoFactorService,
+    protected userDecryptionOptionsService: InternalUserDecryptionOptionsServiceAbstraction,
     protected billingAccountProfileStateService: BillingAccountProfileStateService,
   ) {}
 
@@ -158,18 +159,8 @@ export abstract class LoginStrategy {
   protected async saveAccountInformation(tokenResponse: IdentityTokenResponse): Promise<void> {
     const accountInformation = await this.tokenService.decodeAccessToken(tokenResponse.accessToken);
 
-    // Must persist existing device key if it exists for trusted device decryption to work
-    // However, we must provide a user id so that the device key can be retrieved
-    // as the state service won't have an active account at this point in time
-    // even though the data exists in local storage.
     const userId = accountInformation.sub;
 
-    const deviceKey = await this.stateService.getDeviceKey({ userId });
-    const accountKeys = new AccountKeys();
-    if (deviceKey) {
-      accountKeys.deviceKey = deviceKey;
-    }
-
     // If you don't persist existing admin auth requests on login, they will get deleted.
     const adminAuthRequest = await this.stateService.getAdminAuthRequest({ userId });
 
@@ -180,9 +171,9 @@ export abstract class LoginStrategy {
     // User id will be derived from the access token.
     await this.tokenService.setTokens(
       tokenResponse.accessToken,
-      tokenResponse.refreshToken,
       vaultTimeoutAction as VaultTimeoutAction,
       vaultTimeout,
+      tokenResponse.refreshToken, // Note: CLI login via API key sends undefined for refresh token.
     );
 
     await this.stateService.addAccount(
@@ -202,12 +193,14 @@ export abstract class LoginStrategy {
         tokens: {
           ...new AccountTokens(),
         },
-        keys: accountKeys,
-        decryptionOptions: AccountDecryptionOptions.fromResponse(tokenResponse),
         adminAuthRequest: adminAuthRequest?.toJSON(),
       }),
     );
 
+    await this.userDecryptionOptionsService.setUserDecryptionOptions(
+      UserDecryptionOptions.fromResponse(tokenResponse),
+    );
+
     await this.billingAccountProfileStateService.setHasPremium(accountInformation.premium, false);
   }
 
diff --git a/libs/auth/src/common/login-strategies/password-login.strategy.spec.ts b/libs/auth/src/common/login-strategies/password-login.strategy.spec.ts
index 007c33afc6..470a4ac713 100644
--- a/libs/auth/src/common/login-strategies/password-login.strategy.spec.ts
+++ b/libs/auth/src/common/login-strategies/password-login.strategy.spec.ts
@@ -27,6 +27,7 @@ import { CsprngArray } from "@bitwarden/common/types/csprng";
 import { MasterKey, UserKey } from "@bitwarden/common/types/key";
 
 import { LoginStrategyServiceAbstraction } from "../abstractions";
+import { InternalUserDecryptionOptionsServiceAbstraction } from "../abstractions/user-decryption-options.service.abstraction";
 import { PasswordLoginCredentials } from "../models/domain/login-credentials";
 
 import { identityTokenResponseFactory } from "./login.strategy.spec";
@@ -60,6 +61,7 @@ describe("PasswordLoginStrategy", () => {
   let logService: MockProxy<LogService>;
   let stateService: MockProxy<StateService>;
   let twoFactorService: MockProxy<TwoFactorService>;
+  let userDecryptionOptionsService: MockProxy<InternalUserDecryptionOptionsServiceAbstraction>;
   let policyService: MockProxy<PolicyService>;
   let passwordStrengthService: MockProxy<PasswordStrengthServiceAbstraction>;
   let billingAccountProfileStateService: MockProxy<BillingAccountProfileStateService>;
@@ -79,6 +81,7 @@ describe("PasswordLoginStrategy", () => {
     logService = mock<LogService>();
     stateService = mock<StateService>();
     twoFactorService = mock<TwoFactorService>();
+    userDecryptionOptionsService = mock<InternalUserDecryptionOptionsServiceAbstraction>();
     policyService = mock<PolicyService>();
     passwordStrengthService = mock<PasswordStrengthService>();
     billingAccountProfileStateService = mock<BillingAccountProfileStateService>();
@@ -108,6 +111,7 @@ describe("PasswordLoginStrategy", () => {
       logService,
       stateService,
       twoFactorService,
+      userDecryptionOptionsService,
       passwordStrengthService,
       policyService,
       loginStrategyService,
diff --git a/libs/auth/src/common/login-strategies/password-login.strategy.ts b/libs/auth/src/common/login-strategies/password-login.strategy.ts
index 2104595b45..d3de3ea6ba 100644
--- a/libs/auth/src/common/login-strategies/password-login.strategy.ts
+++ b/libs/auth/src/common/login-strategies/password-login.strategy.ts
@@ -26,6 +26,7 @@ import { PasswordStrengthServiceAbstraction } from "@bitwarden/common/tools/pass
 import { MasterKey } from "@bitwarden/common/types/key";
 
 import { LoginStrategyServiceAbstraction } from "../abstractions";
+import { InternalUserDecryptionOptionsServiceAbstraction } from "../abstractions/user-decryption-options.service.abstraction";
 import { PasswordLoginCredentials } from "../models/domain/login-credentials";
 import { CacheData } from "../services/login-strategies/login-strategy.state";
 
@@ -36,15 +37,11 @@ export class PasswordLoginStrategyData implements LoginStrategyData {
 
   /** User's entered email obtained pre-login. Always present in MP login. */
   userEnteredEmail: string;
-
+  /** If 2fa is required, token is returned to bypass captcha */
   captchaBypassToken?: string;
-  /**
-   * The local version of the user's master key hash
-   */
+  /** The local version of the user's master key hash */
   localMasterKeyHash: string;
-  /**
-   * The user's master key
-   */
+  /** The user's master key */
   masterKey: MasterKey;
   /**
    * Tracks if the user needs to update their password due to
@@ -62,14 +59,12 @@ export class PasswordLoginStrategyData implements LoginStrategyData {
 }
 
 export class PasswordLoginStrategy extends LoginStrategy {
-  /**
-   * The email address of the user attempting to log in.
-   */
+  /** The email address of the user attempting to log in. */
   email$: Observable<string>;
-  /**
-   * The master key hash of the user attempting to log in.
-   */
-  masterKeyHash$: Observable<string | null>;
+  /** The master key hash used for authentication */
+  serverMasterKeyHash$: Observable<string>;
+  /** The local master key hash we store client side */
+  localMasterKeyHash$: Observable<string | null>;
 
   protected cache: BehaviorSubject<PasswordLoginStrategyData>;
 
@@ -84,6 +79,7 @@ export class PasswordLoginStrategy extends LoginStrategy {
     logService: LogService,
     protected stateService: StateService,
     twoFactorService: TwoFactorService,
+    userDecryptionOptionsService: InternalUserDecryptionOptionsServiceAbstraction,
     private passwordStrengthService: PasswordStrengthServiceAbstraction,
     private policyService: PolicyService,
     private loginStrategyService: LoginStrategyServiceAbstraction,
@@ -99,12 +95,16 @@ export class PasswordLoginStrategy extends LoginStrategy {
       logService,
       stateService,
       twoFactorService,
+      userDecryptionOptionsService,
       billingAccountProfileStateService,
     );
 
     this.cache = new BehaviorSubject(data);
     this.email$ = this.cache.pipe(map((state) => state.tokenRequest.email));
-    this.masterKeyHash$ = this.cache.pipe(map((state) => state.localMasterKeyHash));
+    this.serverMasterKeyHash$ = this.cache.pipe(
+      map((state) => state.tokenRequest.masterPasswordHash),
+    );
+    this.localMasterKeyHash$ = this.cache.pipe(map((state) => state.localMasterKeyHash));
   }
 
   override async logIn(credentials: PasswordLoginCredentials) {
@@ -120,11 +120,14 @@ export class PasswordLoginStrategy extends LoginStrategy {
       data.masterKey,
       HashPurpose.LocalAuthorization,
     );
-    const masterKeyHash = await this.cryptoService.hashMasterKey(masterPassword, data.masterKey);
+    const serverMasterKeyHash = await this.cryptoService.hashMasterKey(
+      masterPassword,
+      data.masterKey,
+    );
 
     data.tokenRequest = new PasswordTokenRequest(
       email,
-      masterKeyHash,
+      serverMasterKeyHash,
       captchaToken,
       await this.buildTwoFactor(twoFactor, email),
       await this.buildDeviceRequest(),
@@ -168,10 +171,10 @@ export class PasswordLoginStrategy extends LoginStrategy {
     twoFactor: TokenTwoFactorRequest,
     captchaResponse: string,
   ): Promise<AuthResult> {
-    this.cache.next({
-      ...this.cache.value,
-      captchaBypassToken: captchaResponse ?? this.cache.value.captchaBypassToken,
-    });
+    const data = this.cache.value;
+    data.tokenRequest.captchaResponse = captchaResponse ?? data.captchaBypassToken;
+    this.cache.next(data);
+
     const result = await super.logInTwoFactor(twoFactor);
 
     // 2FA was successful, save the force update password options with the state service if defined
diff --git a/libs/auth/src/common/login-strategies/sso-login.strategy.spec.ts b/libs/auth/src/common/login-strategies/sso-login.strategy.spec.ts
index c987bcc95a..d4b0b13eaf 100644
--- a/libs/auth/src/common/login-strategies/sso-login.strategy.spec.ts
+++ b/libs/auth/src/common/login-strategies/sso-login.strategy.spec.ts
@@ -23,7 +23,10 @@ import { SymmetricCryptoKey } from "@bitwarden/common/platform/models/domain/sym
 import { CsprngArray } from "@bitwarden/common/types/csprng";
 import { DeviceKey, UserKey, MasterKey } from "@bitwarden/common/types/key";
 
-import { AuthRequestServiceAbstraction } from "../abstractions";
+import {
+  AuthRequestServiceAbstraction,
+  InternalUserDecryptionOptionsServiceAbstraction,
+} from "../abstractions";
 import { SsoLoginCredentials } from "../models/domain/login-credentials";
 
 import { identityTokenResponseFactory } from "./login.strategy.spec";
@@ -39,6 +42,7 @@ describe("SsoLoginStrategy", () => {
   let logService: MockProxy<LogService>;
   let stateService: MockProxy<StateService>;
   let twoFactorService: MockProxy<TwoFactorService>;
+  let userDecryptionOptionsService: MockProxy<InternalUserDecryptionOptionsServiceAbstraction>;
   let keyConnectorService: MockProxy<KeyConnectorService>;
   let deviceTrustCryptoService: MockProxy<DeviceTrustCryptoServiceAbstraction>;
   let authRequestService: MockProxy<AuthRequestServiceAbstraction>;
@@ -66,6 +70,7 @@ describe("SsoLoginStrategy", () => {
     logService = mock<LogService>();
     stateService = mock<StateService>();
     twoFactorService = mock<TwoFactorService>();
+    userDecryptionOptionsService = mock<InternalUserDecryptionOptionsServiceAbstraction>();
     keyConnectorService = mock<KeyConnectorService>();
     deviceTrustCryptoService = mock<DeviceTrustCryptoServiceAbstraction>();
     authRequestService = mock<AuthRequestServiceAbstraction>();
@@ -87,6 +92,7 @@ describe("SsoLoginStrategy", () => {
       logService,
       stateService,
       twoFactorService,
+      userDecryptionOptionsService,
       keyConnectorService,
       deviceTrustCryptoService,
       authRequestService,
diff --git a/libs/auth/src/common/login-strategies/sso-login.strategy.ts b/libs/auth/src/common/login-strategies/sso-login.strategy.ts
index b8d1df6f57..7745104bd1 100644
--- a/libs/auth/src/common/login-strategies/sso-login.strategy.ts
+++ b/libs/auth/src/common/login-strategies/sso-login.strategy.ts
@@ -20,8 +20,12 @@ import { LogService } from "@bitwarden/common/platform/abstractions/log.service"
 import { MessagingService } from "@bitwarden/common/platform/abstractions/messaging.service";
 import { PlatformUtilsService } from "@bitwarden/common/platform/abstractions/platform-utils.service";
 import { StateService } from "@bitwarden/common/platform/abstractions/state.service";
+import { UserId } from "@bitwarden/common/types/guid";
 
-import { AuthRequestServiceAbstraction } from "../abstractions";
+import {
+  InternalUserDecryptionOptionsServiceAbstraction,
+  AuthRequestServiceAbstraction,
+} from "../abstractions";
 import { SsoLoginCredentials } from "../models/domain/login-credentials";
 import { CacheData } from "../services/login-strategies/login-strategy.state";
 
@@ -84,6 +88,7 @@ export class SsoLoginStrategy extends LoginStrategy {
     logService: LogService,
     stateService: StateService,
     twoFactorService: TwoFactorService,
+    userDecryptionOptionsService: InternalUserDecryptionOptionsServiceAbstraction,
     private keyConnectorService: KeyConnectorService,
     private deviceTrustCryptoService: DeviceTrustCryptoServiceAbstraction,
     private authRequestService: AuthRequestServiceAbstraction,
@@ -100,6 +105,7 @@ export class SsoLoginStrategy extends LoginStrategy {
       logService,
       stateService,
       twoFactorService,
+      userDecryptionOptionsService,
       billingAccountProfileStateService,
     );
 
@@ -279,7 +285,8 @@ export class SsoLoginStrategy extends LoginStrategy {
       if (await this.cryptoService.hasUserKey()) {
         // Now that we have a decrypted user key in memory, we can check if we
         // need to establish trust on the current device
-        await this.deviceTrustCryptoService.trustDeviceIfRequired();
+        const userId = (await this.stateService.getUserId()) as UserId;
+        await this.deviceTrustCryptoService.trustDeviceIfRequired(userId);
 
         // if we successfully decrypted the user key, we can delete the admin auth request out of state
         // TODO: eventually we post and clean up DB as well once consumed on client
@@ -293,7 +300,9 @@ export class SsoLoginStrategy extends LoginStrategy {
   private async trySetUserKeyWithDeviceKey(tokenResponse: IdentityTokenResponse): Promise<void> {
     const trustedDeviceOption = tokenResponse.userDecryptionOptions?.trustedDeviceOption;
 
-    const deviceKey = await this.deviceTrustCryptoService.getDeviceKey();
+    const userId = (await this.stateService.getUserId()) as UserId;
+
+    const deviceKey = await this.deviceTrustCryptoService.getDeviceKey(userId);
     const encDevicePrivateKey = trustedDeviceOption?.encryptedPrivateKey;
     const encUserKey = trustedDeviceOption?.encryptedUserKey;
 
@@ -302,6 +311,7 @@ export class SsoLoginStrategy extends LoginStrategy {
     }
 
     const userKey = await this.deviceTrustCryptoService.decryptUserKeyWithDeviceKey(
+      userId,
       encDevicePrivateKey,
       encUserKey,
       deviceKey,
diff --git a/libs/auth/src/common/login-strategies/user-api-login.strategy.spec.ts b/libs/auth/src/common/login-strategies/user-api-login.strategy.spec.ts
index 48f6fd32ab..02aed305a4 100644
--- a/libs/auth/src/common/login-strategies/user-api-login.strategy.spec.ts
+++ b/libs/auth/src/common/login-strategies/user-api-login.strategy.spec.ts
@@ -1,4 +1,5 @@
 import { mock, MockProxy } from "jest-mock-extended";
+import { BehaviorSubject } from "rxjs";
 
 import { ApiService } from "@bitwarden/common/abstractions/api.service";
 import { KeyConnectorService } from "@bitwarden/common/auth/abstractions/key-connector.service";
@@ -8,7 +9,10 @@ import { BillingAccountProfileStateService } from "@bitwarden/common/billing/abs
 import { VaultTimeoutAction } from "@bitwarden/common/enums/vault-timeout-action.enum";
 import { AppIdService } from "@bitwarden/common/platform/abstractions/app-id.service";
 import { CryptoService } from "@bitwarden/common/platform/abstractions/crypto.service";
-import { EnvironmentService } from "@bitwarden/common/platform/abstractions/environment.service";
+import {
+  Environment,
+  EnvironmentService,
+} from "@bitwarden/common/platform/abstractions/environment.service";
 import { LogService } from "@bitwarden/common/platform/abstractions/log.service";
 import { MessagingService } from "@bitwarden/common/platform/abstractions/messaging.service";
 import { PlatformUtilsService } from "@bitwarden/common/platform/abstractions/platform-utils.service";
@@ -18,6 +22,7 @@ import { SymmetricCryptoKey } from "@bitwarden/common/platform/models/domain/sym
 import { CsprngArray } from "@bitwarden/common/types/csprng";
 import { UserKey, MasterKey } from "@bitwarden/common/types/key";
 
+import { InternalUserDecryptionOptionsServiceAbstraction } from "../abstractions/user-decryption-options.service.abstraction";
 import { UserApiLoginCredentials } from "../models/domain/login-credentials";
 
 import { identityTokenResponseFactory } from "./login.strategy.spec";
@@ -35,6 +40,7 @@ describe("UserApiLoginStrategy", () => {
   let logService: MockProxy<LogService>;
   let stateService: MockProxy<StateService>;
   let twoFactorService: MockProxy<TwoFactorService>;
+  let userDecryptionOptionsService: MockProxy<InternalUserDecryptionOptionsServiceAbstraction>;
   let keyConnectorService: MockProxy<KeyConnectorService>;
   let environmentService: MockProxy<EnvironmentService>;
   let billingAccountProfileStateService: MockProxy<BillingAccountProfileStateService>;
@@ -57,6 +63,7 @@ describe("UserApiLoginStrategy", () => {
     logService = mock<LogService>();
     stateService = mock<StateService>();
     twoFactorService = mock<TwoFactorService>();
+    userDecryptionOptionsService = mock<InternalUserDecryptionOptionsServiceAbstraction>();
     keyConnectorService = mock<KeyConnectorService>();
     environmentService = mock<EnvironmentService>();
     billingAccountProfileStateService = mock<BillingAccountProfileStateService>();
@@ -76,6 +83,7 @@ describe("UserApiLoginStrategy", () => {
       logService,
       stateService,
       twoFactorService,
+      userDecryptionOptionsService,
       environmentService,
       keyConnectorService,
       billingAccountProfileStateService,
@@ -141,8 +149,11 @@ describe("UserApiLoginStrategy", () => {
     const tokenResponse = identityTokenResponseFactory();
     tokenResponse.apiUseKeyConnector = true;
 
+    const env = mock<Environment>();
+    env.getKeyConnectorUrl.mockReturnValue(keyConnectorUrl);
+    environmentService.environment$ = new BehaviorSubject(env);
+
     apiService.postIdentityToken.mockResolvedValue(tokenResponse);
-    environmentService.getKeyConnectorUrl.mockReturnValue(keyConnectorUrl);
 
     await apiLogInStrategy.logIn(credentials);
 
@@ -156,8 +167,11 @@ describe("UserApiLoginStrategy", () => {
     const tokenResponse = identityTokenResponseFactory();
     tokenResponse.apiUseKeyConnector = true;
 
+    const env = mock<Environment>();
+    env.getKeyConnectorUrl.mockReturnValue(keyConnectorUrl);
+    environmentService.environment$ = new BehaviorSubject(env);
+
     apiService.postIdentityToken.mockResolvedValue(tokenResponse);
-    environmentService.getKeyConnectorUrl.mockReturnValue(keyConnectorUrl);
     cryptoService.getMasterKey.mockResolvedValue(masterKey);
     cryptoService.decryptUserKeyWithMasterKey.mockResolvedValue(userKey);
 
diff --git a/libs/auth/src/common/login-strategies/user-api-login.strategy.ts b/libs/auth/src/common/login-strategies/user-api-login.strategy.ts
index 9bb6d8fb12..2af666f95c 100644
--- a/libs/auth/src/common/login-strategies/user-api-login.strategy.ts
+++ b/libs/auth/src/common/login-strategies/user-api-login.strategy.ts
@@ -1,4 +1,4 @@
-import { BehaviorSubject } from "rxjs";
+import { firstValueFrom, BehaviorSubject } from "rxjs";
 import { Jsonify } from "type-fest";
 
 import { ApiService } from "@bitwarden/common/abstractions/api.service";
@@ -17,6 +17,7 @@ import { MessagingService } from "@bitwarden/common/platform/abstractions/messag
 import { PlatformUtilsService } from "@bitwarden/common/platform/abstractions/platform-utils.service";
 import { StateService } from "@bitwarden/common/platform/abstractions/state.service";
 
+import { InternalUserDecryptionOptionsServiceAbstraction } from "../abstractions/user-decryption-options.service.abstraction";
 import { UserApiLoginCredentials } from "../models/domain/login-credentials";
 import { CacheData } from "../services/login-strategies/login-strategy.state";
 
@@ -47,6 +48,7 @@ export class UserApiLoginStrategy extends LoginStrategy {
     logService: LogService,
     stateService: StateService,
     twoFactorService: TwoFactorService,
+    userDecryptionOptionsService: InternalUserDecryptionOptionsServiceAbstraction,
     private environmentService: EnvironmentService,
     private keyConnectorService: KeyConnectorService,
     billingAccountProfileStateService: BillingAccountProfileStateService,
@@ -61,6 +63,7 @@ export class UserApiLoginStrategy extends LoginStrategy {
       logService,
       stateService,
       twoFactorService,
+      userDecryptionOptionsService,
       billingAccountProfileStateService,
     );
     this.cache = new BehaviorSubject(data);
@@ -82,7 +85,8 @@ export class UserApiLoginStrategy extends LoginStrategy {
 
   protected override async setMasterKey(response: IdentityTokenResponse) {
     if (response.apiUseKeyConnector) {
-      const keyConnectorUrl = this.environmentService.getKeyConnectorUrl();
+      const env = await firstValueFrom(this.environmentService.environment$);
+      const keyConnectorUrl = env.getKeyConnectorUrl();
       await this.keyConnectorService.setMasterKeyFromUrl(keyConnectorUrl);
     }
   }
diff --git a/libs/auth/src/common/login-strategies/webauthn-login.strategy.spec.ts b/libs/auth/src/common/login-strategies/webauthn-login.strategy.spec.ts
index 9ab64170c1..edc1441361 100644
--- a/libs/auth/src/common/login-strategies/webauthn-login.strategy.spec.ts
+++ b/libs/auth/src/common/login-strategies/webauthn-login.strategy.spec.ts
@@ -18,6 +18,7 @@ import { Utils } from "@bitwarden/common/platform/misc/utils";
 import { SymmetricCryptoKey } from "@bitwarden/common/platform/models/domain/symmetric-crypto-key";
 import { PrfKey, UserKey } from "@bitwarden/common/types/key";
 
+import { InternalUserDecryptionOptionsServiceAbstraction } from "../abstractions/user-decryption-options.service.abstraction";
 import { WebAuthnLoginCredentials } from "../models/domain/login-credentials";
 
 import { identityTokenResponseFactory } from "./login.strategy.spec";
@@ -35,6 +36,7 @@ describe("WebAuthnLoginStrategy", () => {
   let logService!: MockProxy<LogService>;
   let stateService!: MockProxy<StateService>;
   let twoFactorService!: MockProxy<TwoFactorService>;
+  let userDecryptionOptionsService: MockProxy<InternalUserDecryptionOptionsServiceAbstraction>;
   let billingAccountProfileStateService: MockProxy<BillingAccountProfileStateService>;
 
   let webAuthnLoginStrategy!: WebAuthnLoginStrategy;
@@ -70,6 +72,7 @@ describe("WebAuthnLoginStrategy", () => {
     logService = mock<LogService>();
     stateService = mock<StateService>();
     twoFactorService = mock<TwoFactorService>();
+    userDecryptionOptionsService = mock<InternalUserDecryptionOptionsServiceAbstraction>();
     billingAccountProfileStateService = mock<BillingAccountProfileStateService>();
 
     tokenService.getTwoFactorToken.mockResolvedValue(null);
@@ -87,6 +90,7 @@ describe("WebAuthnLoginStrategy", () => {
       logService,
       stateService,
       twoFactorService,
+      userDecryptionOptionsService,
       billingAccountProfileStateService,
     );
 
diff --git a/libs/auth/src/common/login-strategies/webauthn-login.strategy.ts b/libs/auth/src/common/login-strategies/webauthn-login.strategy.ts
index b60342f0b4..a8e67597b8 100644
--- a/libs/auth/src/common/login-strategies/webauthn-login.strategy.ts
+++ b/libs/auth/src/common/login-strategies/webauthn-login.strategy.ts
@@ -17,6 +17,7 @@ import { StateService } from "@bitwarden/common/platform/abstractions/state.serv
 import { SymmetricCryptoKey } from "@bitwarden/common/platform/models/domain/symmetric-crypto-key";
 import { UserKey } from "@bitwarden/common/types/key";
 
+import { InternalUserDecryptionOptionsServiceAbstraction } from "../abstractions";
 import { WebAuthnLoginCredentials } from "../models/domain/login-credentials";
 import { CacheData } from "../services/login-strategies/login-strategy.state";
 
@@ -49,6 +50,7 @@ export class WebAuthnLoginStrategy extends LoginStrategy {
     logService: LogService,
     stateService: StateService,
     twoFactorService: TwoFactorService,
+    userDecryptionOptionsService: InternalUserDecryptionOptionsServiceAbstraction,
     billingAccountProfileStateService: BillingAccountProfileStateService,
   ) {
     super(
@@ -61,6 +63,7 @@ export class WebAuthnLoginStrategy extends LoginStrategy {
       logService,
       stateService,
       twoFactorService,
+      userDecryptionOptionsService,
       billingAccountProfileStateService,
     );
 
diff --git a/libs/auth/src/common/models/domain/index.ts b/libs/auth/src/common/models/domain/index.ts
index c3166f737d..b8b83711a4 100644
--- a/libs/auth/src/common/models/domain/index.ts
+++ b/libs/auth/src/common/models/domain/index.ts
@@ -1,2 +1,3 @@
 export * from "./rotateable-key-set";
 export * from "./login-credentials";
+export * from "./user-decryption-options";
diff --git a/libs/auth/src/common/models/domain/user-decryption-options.ts b/libs/auth/src/common/models/domain/user-decryption-options.ts
new file mode 100644
index 0000000000..ca4046f36e
--- /dev/null
+++ b/libs/auth/src/common/models/domain/user-decryption-options.ts
@@ -0,0 +1,165 @@
+import { Jsonify } from "type-fest";
+
+import { KeyConnectorUserDecryptionOptionResponse } from "@bitwarden/common/auth/models/response/user-decryption-options/key-connector-user-decryption-option.response";
+import { TrustedDeviceUserDecryptionOptionResponse } from "@bitwarden/common/auth/models/response/user-decryption-options/trusted-device-user-decryption-option.response";
+import { IdentityTokenResponse } from "@bitwarden/common/src/auth/models/response/identity-token.response";
+
+/**
+ * Key Connector decryption options. Intended to be sent to the client for use after authentication.
+ * @see {@link UserDecryptionOptions}
+ */
+export class KeyConnectorUserDecryptionOption {
+  /** The URL of the key connector configured for this user. */
+  keyConnectorUrl: string;
+
+  /**
+   * Initializes a new instance of the KeyConnectorUserDecryptionOption from a response object.
+   * @param response The key connector user decryption option response object.
+   * @returns A new instance of the KeyConnectorUserDecryptionOption or undefined if `response` is nullish.
+   */
+  static fromResponse(
+    response: KeyConnectorUserDecryptionOptionResponse,
+  ): KeyConnectorUserDecryptionOption | undefined {
+    if (response == null) {
+      return undefined;
+    }
+    const options = new KeyConnectorUserDecryptionOption();
+    options.keyConnectorUrl = response?.keyConnectorUrl ?? null;
+    return options;
+  }
+
+  /**
+   * Initializes a new instance of a KeyConnectorUserDecryptionOption from a JSON object.
+   * @param obj JSON object to deserialize.
+   * @returns A new instance of the KeyConnectorUserDecryptionOption or undefined if `obj` is nullish.
+   */
+  static fromJSON(
+    obj: Jsonify<KeyConnectorUserDecryptionOption>,
+  ): KeyConnectorUserDecryptionOption | undefined {
+    if (obj == null) {
+      return undefined;
+    }
+    return Object.assign(new KeyConnectorUserDecryptionOption(), obj);
+  }
+}
+
+/**
+ * Trusted device decryption options. Intended to be sent to the client for use after authentication.
+ * @see {@link UserDecryptionOptions}
+ */
+export class TrustedDeviceUserDecryptionOption {
+  /** True if an admin has approved an admin auth request previously made from this device. */
+  hasAdminApproval: boolean;
+  /** True if the user has a device capable of approving an auth request. */
+  hasLoginApprovingDevice: boolean;
+  /** True if the user has manage reset password permission, as these users must be forced to have a master password. */
+  hasManageResetPasswordPermission: boolean;
+
+  /**
+   * Initializes a new instance of the TrustedDeviceUserDecryptionOption from a response object.
+   * @param response The trusted device user decryption option response object.
+   * @returns A new instance of the TrustedDeviceUserDecryptionOption or undefined if `response` is nullish.
+   */
+  static fromResponse(
+    response: TrustedDeviceUserDecryptionOptionResponse,
+  ): TrustedDeviceUserDecryptionOption | undefined {
+    if (response == null) {
+      return undefined;
+    }
+    const options = new TrustedDeviceUserDecryptionOption();
+    options.hasAdminApproval = response?.hasAdminApproval ?? false;
+    options.hasLoginApprovingDevice = response?.hasLoginApprovingDevice ?? false;
+    options.hasManageResetPasswordPermission = response?.hasManageResetPasswordPermission ?? false;
+    return options;
+  }
+
+  /**
+   * Initializes a new instance of the TrustedDeviceUserDecryptionOption from a JSON object.
+   * @param obj JSON object to deserialize.
+   * @returns A new instance of the TrustedDeviceUserDecryptionOption or undefined if `obj` is nullish.
+   */
+  static fromJSON(
+    obj: Jsonify<TrustedDeviceUserDecryptionOption>,
+  ): TrustedDeviceUserDecryptionOption | undefined {
+    if (obj == null) {
+      return undefined;
+    }
+    return Object.assign(new TrustedDeviceUserDecryptionOption(), obj);
+  }
+}
+
+/**
+ * Represents the decryption options the user has configured on the server. This is intended to be sent
+ * to the client on authentication, and can be used to determine how to decrypt the user's vault.
+ */
+export class UserDecryptionOptions {
+  /** True if the user has a master password configured on the server. */
+  hasMasterPassword: boolean;
+  /** {@link TrustedDeviceUserDecryptionOption} */
+  trustedDeviceOption?: TrustedDeviceUserDecryptionOption;
+  /** {@link KeyConnectorUserDecryptionOption} */
+  keyConnectorOption?: KeyConnectorUserDecryptionOption;
+
+  /**
+   * Initializes a new instance of the UserDecryptionOptions from a response object.
+   * @param response user decryption options response object
+   * @returns A new instance of the UserDecryptionOptions.
+   * @throws If the response is nullish, this method will throw an error. User decryption options
+   * are required for client initialization.
+   */
+  // TODO: Change response type to `UserDecryptionOptionsResponse` after 2023.10 release (https://bitwarden.atlassian.net/browse/PM-3537)
+  static fromResponse(response: IdentityTokenResponse): UserDecryptionOptions {
+    if (response == null) {
+      throw new Error("User Decryption Options are required for client initialization.");
+    }
+
+    const decryptionOptions = new UserDecryptionOptions();
+
+    if (response.userDecryptionOptions) {
+      // If the response has userDecryptionOptions, this means it's on a post-TDE server version and can interrogate
+      // the new decryption options.
+      const responseOptions = response.userDecryptionOptions;
+      decryptionOptions.hasMasterPassword = responseOptions.hasMasterPassword;
+
+      decryptionOptions.trustedDeviceOption = TrustedDeviceUserDecryptionOption.fromResponse(
+        responseOptions.trustedDeviceOption,
+      );
+
+      decryptionOptions.keyConnectorOption = KeyConnectorUserDecryptionOption.fromResponse(
+        responseOptions.keyConnectorOption,
+      );
+    } else {
+      // If the response does not have userDecryptionOptions, this means it's on a pre-TDE server version and so
+      // we must base our decryption options on the presence of the keyConnectorUrl.
+      // Note that the presence of keyConnectorUrl implies that the user does not have a master password, as in pre-TDE
+      // server versions, a master password short-circuited the addition of the keyConnectorUrl to the response.
+      // TODO: remove this check after 2023.10 release (https://bitwarden.atlassian.net/browse/PM-3537)
+      const usingKeyConnector = response.keyConnectorUrl != null;
+      decryptionOptions.hasMasterPassword = !usingKeyConnector;
+      if (usingKeyConnector) {
+        decryptionOptions.keyConnectorOption = new KeyConnectorUserDecryptionOption();
+        decryptionOptions.keyConnectorOption.keyConnectorUrl = response.keyConnectorUrl;
+      }
+    }
+    return decryptionOptions;
+  }
+
+  /**
+   * Initializes a new instance of the UserDecryptionOptions from a JSON object.
+   * @param obj JSON object to deserialize.
+   * @returns A new instance of the UserDecryptionOptions. Will initialize even if the JSON object is nullish.
+   */
+  static fromJSON(obj: Jsonify<UserDecryptionOptions>): UserDecryptionOptions {
+    const decryptionOptions = Object.assign(new UserDecryptionOptions(), obj);
+
+    decryptionOptions.trustedDeviceOption = TrustedDeviceUserDecryptionOption.fromJSON(
+      obj?.trustedDeviceOption,
+    );
+
+    decryptionOptions.keyConnectorOption = KeyConnectorUserDecryptionOption.fromJSON(
+      obj?.keyConnectorOption,
+    );
+
+    return decryptionOptions;
+  }
+}
diff --git a/libs/auth/src/common/models/index.ts b/libs/auth/src/common/models/index.ts
index 7886141dc9..e816ee4b88 100644
--- a/libs/auth/src/common/models/index.ts
+++ b/libs/auth/src/common/models/index.ts
@@ -1 +1,2 @@
 export * from "./domain";
+export * from "./spec";
diff --git a/libs/auth/src/common/models/spec/fake-user-decryption-options.ts b/libs/auth/src/common/models/spec/fake-user-decryption-options.ts
new file mode 100644
index 0000000000..fe4a1203c6
--- /dev/null
+++ b/libs/auth/src/common/models/spec/fake-user-decryption-options.ts
@@ -0,0 +1,38 @@
+import {
+  KeyConnectorUserDecryptionOption,
+  TrustedDeviceUserDecryptionOption,
+  UserDecryptionOptions,
+} from "../domain";
+
+// To discourage creating new user decryption options, we don't expose a constructor.
+// These helpers are for testing purposes only.
+
+/** Testing helper for creating new instances of `UserDecryptionOptions` */
+export class FakeUserDecryptionOptions extends UserDecryptionOptions {
+  constructor(init: Partial<UserDecryptionOptions>) {
+    super();
+    Object.assign(this, init);
+  }
+}
+
+/** Testing helper for creating new instances of `KeyConnectorUserDecryptionOption` */
+export class FakeKeyConnectorUserDecryptionOption extends KeyConnectorUserDecryptionOption {
+  constructor(keyConnectorUrl: string) {
+    super();
+    this.keyConnectorUrl = keyConnectorUrl;
+  }
+}
+
+/** Testing helper for creating new instances of `TrustedDeviceUserDecryptionOption` */
+export class FakeTrustedDeviceUserDecryptionOption extends TrustedDeviceUserDecryptionOption {
+  constructor(
+    hasAdminApproval: boolean,
+    hasLoginApprovingDevice: boolean,
+    hasManageResetPasswordPermission: boolean,
+  ) {
+    super();
+    this.hasAdminApproval = hasAdminApproval;
+    this.hasLoginApprovingDevice = hasLoginApprovingDevice;
+    this.hasManageResetPasswordPermission = hasManageResetPasswordPermission;
+  }
+}
diff --git a/libs/auth/src/common/models/spec/index.ts b/libs/auth/src/common/models/spec/index.ts
new file mode 100644
index 0000000000..d05bc2bf2c
--- /dev/null
+++ b/libs/auth/src/common/models/spec/index.ts
@@ -0,0 +1 @@
+export * from "./fake-user-decryption-options";
diff --git a/libs/auth/src/common/services/auth-request/auth-request.service.spec.ts b/libs/auth/src/common/services/auth-request/auth-request.service.spec.ts
index b1971f6b52..80d00b2a01 100644
--- a/libs/auth/src/common/services/auth-request/auth-request.service.spec.ts
+++ b/libs/auth/src/common/services/auth-request/auth-request.service.spec.ts
@@ -2,6 +2,7 @@ import { mock } from "jest-mock-extended";
 
 import { ApiService } from "@bitwarden/common/abstractions/api.service";
 import { AuthRequestResponse } from "@bitwarden/common/auth/models/response/auth-request.response";
+import { AuthRequestPushNotification } from "@bitwarden/common/models/response/notification.response";
 import { AppIdService } from "@bitwarden/common/platform/abstractions/app-id.service";
 import { CryptoService } from "@bitwarden/common/platform/abstractions/crypto.service";
 import { StateService } from "@bitwarden/common/platform/abstractions/state.service";
@@ -30,6 +31,22 @@ describe("AuthRequestService", () => {
     mockPrivateKey = new Uint8Array(64);
   });
 
+  describe("authRequestPushNotification$", () => {
+    it("should emit when sendAuthRequestPushNotification is called", () => {
+      const notification = {
+        id: "PUSH_NOTIFICATION",
+        userId: "USER_ID",
+      } as AuthRequestPushNotification;
+
+      const spy = jest.fn();
+      sut.authRequestPushNotification$.subscribe(spy);
+
+      sut.sendAuthRequestPushNotification(notification);
+
+      expect(spy).toHaveBeenCalledWith("PUSH_NOTIFICATION");
+    });
+  });
+
   describe("approveOrDenyAuthRequest", () => {
     beforeEach(() => {
       cryptoService.rsaEncrypt.mockResolvedValue({
diff --git a/libs/auth/src/common/services/auth-request/auth-request.service.ts b/libs/auth/src/common/services/auth-request/auth-request.service.ts
index ab33780fe6..eb39659f53 100644
--- a/libs/auth/src/common/services/auth-request/auth-request.service.ts
+++ b/libs/auth/src/common/services/auth-request/auth-request.service.ts
@@ -1,6 +1,9 @@
+import { Observable, Subject } from "rxjs";
+
 import { ApiService } from "@bitwarden/common/abstractions/api.service";
 import { PasswordlessAuthRequest } from "@bitwarden/common/auth/models/request/passwordless-auth.request";
 import { AuthRequestResponse } from "@bitwarden/common/auth/models/response/auth-request.response";
+import { AuthRequestPushNotification } from "@bitwarden/common/models/response/notification.response";
 import { AppIdService } from "@bitwarden/common/platform/abstractions/app-id.service";
 import { CryptoService } from "@bitwarden/common/platform/abstractions/crypto.service";
 import { StateService } from "@bitwarden/common/platform/abstractions/state.service";
@@ -11,12 +14,17 @@ import { MasterKey, UserKey } from "@bitwarden/common/types/key";
 import { AuthRequestServiceAbstraction } from "../../abstractions/auth-request.service.abstraction";
 
 export class AuthRequestService implements AuthRequestServiceAbstraction {
+  private authRequestPushNotificationSubject = new Subject<string>();
+  authRequestPushNotification$: Observable<string>;
+
   constructor(
     private appIdService: AppIdService,
     private cryptoService: CryptoService,
     private apiService: ApiService,
     private stateService: StateService,
-  ) {}
+  ) {
+    this.authRequestPushNotification$ = this.authRequestPushNotificationSubject.asObservable();
+  }
 
   async approveOrDenyAuthRequest(
     approve: boolean,
@@ -126,4 +134,10 @@ export class AuthRequestService implements AuthRequestServiceAbstraction {
       masterKeyHash,
     };
   }
+
+  sendAuthRequestPushNotification(notification: AuthRequestPushNotification): void {
+    if (notification.id != null) {
+      this.authRequestPushNotificationSubject.next(notification.id);
+    }
+  }
 }
diff --git a/libs/auth/src/common/services/index.ts b/libs/auth/src/common/services/index.ts
index 2b131c7afc..5a0fc083dd 100644
--- a/libs/auth/src/common/services/index.ts
+++ b/libs/auth/src/common/services/index.ts
@@ -1,3 +1,5 @@
 export * from "./pin-crypto/pin-crypto.service.implementation";
+export * from "./login-email/login-email.service";
 export * from "./login-strategies/login-strategy.service";
+export * from "./user-decryption-options/user-decryption-options.service";
 export * from "./auth-request/auth-request.service";
diff --git a/libs/auth/src/common/services/login-email/login-email.service.ts b/libs/auth/src/common/services/login-email/login-email.service.ts
new file mode 100644
index 0000000000..171af07430
--- /dev/null
+++ b/libs/auth/src/common/services/login-email/login-email.service.ts
@@ -0,0 +1,52 @@
+import { Observable } from "rxjs";
+
+import {
+  GlobalState,
+  KeyDefinition,
+  LOGIN_EMAIL_DISK,
+  StateProvider,
+} from "../../../../../common/src/platform/state";
+import { LoginEmailServiceAbstraction } from "../../abstractions/login-email.service";
+
+const STORED_EMAIL = new KeyDefinition<string>(LOGIN_EMAIL_DISK, "storedEmail", {
+  deserializer: (value: string) => value,
+});
+
+export class LoginEmailService implements LoginEmailServiceAbstraction {
+  private email: string;
+  private rememberEmail: boolean;
+
+  private readonly storedEmailState: GlobalState<string>;
+  storedEmail$: Observable<string>;
+
+  constructor(private stateProvider: StateProvider) {
+    this.storedEmailState = this.stateProvider.getGlobal(STORED_EMAIL);
+    this.storedEmail$ = this.storedEmailState.state$;
+  }
+
+  getEmail() {
+    return this.email;
+  }
+
+  setEmail(email: string) {
+    this.email = email;
+  }
+
+  getRememberEmail() {
+    return this.rememberEmail;
+  }
+
+  setRememberEmail(value: boolean) {
+    this.rememberEmail = value;
+  }
+
+  clearValues() {
+    this.email = null;
+    this.rememberEmail = null;
+  }
+
+  async saveEmailSettings() {
+    await this.storedEmailState.update(() => (this.rememberEmail ? this.email : null));
+    this.clearValues();
+  }
+}
diff --git a/libs/auth/src/common/services/login-strategies/login-strategy.service.spec.ts b/libs/auth/src/common/services/login-strategies/login-strategy.service.spec.ts
index 3d4c1b7b7d..981e4d81ac 100644
--- a/libs/auth/src/common/services/login-strategies/login-strategy.service.spec.ts
+++ b/libs/auth/src/common/services/login-strategies/login-strategy.service.spec.ts
@@ -25,8 +25,12 @@ import { KdfType } from "@bitwarden/common/platform/enums";
 import { FakeGlobalState, FakeGlobalStateProvider } from "@bitwarden/common/spec";
 import { PasswordStrengthServiceAbstraction } from "@bitwarden/common/tools/password-strength";
 
-import { AuthRequestServiceAbstraction } from "../../abstractions";
+import {
+  AuthRequestServiceAbstraction,
+  InternalUserDecryptionOptionsServiceAbstraction,
+} from "../../abstractions";
 import { PasswordLoginCredentials } from "../../models";
+import { UserDecryptionOptionsService } from "../user-decryption-options/user-decryption-options.service";
 
 import { LoginStrategyService } from "./login-strategy.service";
 import { CACHE_EXPIRATION_KEY } from "./login-strategy.state";
@@ -51,6 +55,7 @@ describe("LoginStrategyService", () => {
   let policyService: MockProxy<PolicyService>;
   let deviceTrustCryptoService: MockProxy<DeviceTrustCryptoServiceAbstraction>;
   let authRequestService: MockProxy<AuthRequestServiceAbstraction>;
+  let userDecryptionOptionsService: MockProxy<InternalUserDecryptionOptionsServiceAbstraction>;
   let billingAccountProfileStateService: MockProxy<BillingAccountProfileStateService>;
 
   let stateProvider: FakeGlobalStateProvider;
@@ -74,6 +79,7 @@ describe("LoginStrategyService", () => {
     policyService = mock<PolicyService>();
     deviceTrustCryptoService = mock<DeviceTrustCryptoServiceAbstraction>();
     authRequestService = mock<AuthRequestServiceAbstraction>();
+    userDecryptionOptionsService = mock<UserDecryptionOptionsService>();
     billingAccountProfileStateService = mock<BillingAccountProfileStateService>();
     stateProvider = new FakeGlobalStateProvider();
 
@@ -95,6 +101,7 @@ describe("LoginStrategyService", () => {
       policyService,
       deviceTrustCryptoService,
       authRequestService,
+      userDecryptionOptionsService,
       stateProvider,
       billingAccountProfileStateService,
     );
diff --git a/libs/auth/src/common/services/login-strategies/login-strategy.service.ts b/libs/auth/src/common/services/login-strategies/login-strategy.service.ts
index 5c0e414044..b55f38af7f 100644
--- a/libs/auth/src/common/services/login-strategies/login-strategy.service.ts
+++ b/libs/auth/src/common/services/login-strategies/login-strategy.service.ts
@@ -1,7 +1,6 @@
 import {
   combineLatestWith,
   distinctUntilChanged,
-  filter,
   firstValueFrom,
   map,
   Observable,
@@ -23,7 +22,6 @@ import { AuthRequestResponse } from "@bitwarden/common/auth/models/response/auth
 import { BillingAccountProfileStateService } from "@bitwarden/common/billing/abstractions/account/billing-account-profile-state.service";
 import { PreloginRequest } from "@bitwarden/common/models/request/prelogin.request";
 import { ErrorResponse } from "@bitwarden/common/models/response/error.response";
-import { AuthRequestPushNotification } from "@bitwarden/common/models/response/notification.response";
 import { AppIdService } from "@bitwarden/common/platform/abstractions/app-id.service";
 import { CryptoService } from "@bitwarden/common/platform/abstractions/crypto.service";
 import { EncryptService } from "@bitwarden/common/platform/abstractions/encrypt.service";
@@ -40,6 +38,7 @@ import { PasswordStrengthServiceAbstraction } from "@bitwarden/common/tools/pass
 import { MasterKey } from "@bitwarden/common/types/key";
 
 import { AuthRequestServiceAbstraction, LoginStrategyServiceAbstraction } from "../../abstractions";
+import { InternalUserDecryptionOptionsServiceAbstraction } from "../../abstractions/user-decryption-options.service.abstraction";
 import { AuthRequestLoginStrategy } from "../../login-strategies/auth-request-login.strategy";
 import { PasswordLoginStrategy } from "../../login-strategies/password-login.strategy";
 import { SsoLoginStrategy } from "../../login-strategies/sso-login.strategy";
@@ -80,8 +79,6 @@ export class LoginStrategyService implements LoginStrategyServiceAbstraction {
   >;
 
   currentAuthType$: Observable<AuthenticationType | null>;
-  // TODO: move to auth request service
-  authRequestPushNotification$: Observable<string>;
 
   constructor(
     protected cryptoService: CryptoService,
@@ -101,6 +98,7 @@ export class LoginStrategyService implements LoginStrategyServiceAbstraction {
     protected policyService: PolicyService,
     protected deviceTrustCryptoService: DeviceTrustCryptoServiceAbstraction,
     protected authRequestService: AuthRequestServiceAbstraction,
+    protected userDecryptionOptionsService: InternalUserDecryptionOptionsServiceAbstraction,
     protected stateProvider: GlobalStateProvider,
     protected billingAccountProfileStateService: BillingAccountProfileStateService,
   ) {
@@ -112,9 +110,6 @@ export class LoginStrategyService implements LoginStrategyServiceAbstraction {
     );
 
     this.currentAuthType$ = this.currentAuthnTypeState.state$;
-    this.authRequestPushNotification$ = this.authRequestPushNotificationState.state$.pipe(
-      filter((id) => id != null),
-    );
     this.loginStrategy$ = this.currentAuthnTypeState.state$.pipe(
       distinctUntilChanged(),
       combineLatestWith(this.loginStrategyCacheState.state$),
@@ -135,8 +130,8 @@ export class LoginStrategyService implements LoginStrategyServiceAbstraction {
   async getMasterPasswordHash(): Promise<string | null> {
     const strategy = await firstValueFrom(this.loginStrategy$);
 
-    if ("masterKeyHash$" in strategy) {
-      return await firstValueFrom(strategy.masterKeyHash$);
+    if ("serverMasterKeyHash$" in strategy) {
+      return await firstValueFrom(strategy.serverMasterKeyHash$);
     }
     return null;
   }
@@ -254,13 +249,6 @@ export class LoginStrategyService implements LoginStrategyServiceAbstraction {
     return await this.cryptoService.makeMasterKey(masterPassword, email, kdf, kdfConfig);
   }
 
-  // TODO move to auth request service
-  async sendAuthRequestPushNotification(notification: AuthRequestPushNotification): Promise<void> {
-    if (notification.id != null) {
-      await this.authRequestPushNotificationState.update((_) => notification.id);
-    }
-  }
-
   // TODO: move to auth request service
   async passwordlessLogin(
     id: string,
@@ -354,6 +342,7 @@ export class LoginStrategyService implements LoginStrategyServiceAbstraction {
               this.logService,
               this.stateService,
               this.twoFactorService,
+              this.userDecryptionOptionsService,
               this.passwordStrengthService,
               this.policyService,
               this,
@@ -371,6 +360,7 @@ export class LoginStrategyService implements LoginStrategyServiceAbstraction {
               this.logService,
               this.stateService,
               this.twoFactorService,
+              this.userDecryptionOptionsService,
               this.keyConnectorService,
               this.deviceTrustCryptoService,
               this.authRequestService,
@@ -389,6 +379,7 @@ export class LoginStrategyService implements LoginStrategyServiceAbstraction {
               this.logService,
               this.stateService,
               this.twoFactorService,
+              this.userDecryptionOptionsService,
               this.environmentService,
               this.keyConnectorService,
               this.billingAccountProfileStateService,
@@ -405,6 +396,7 @@ export class LoginStrategyService implements LoginStrategyServiceAbstraction {
               this.logService,
               this.stateService,
               this.twoFactorService,
+              this.userDecryptionOptionsService,
               this.deviceTrustCryptoService,
               this.billingAccountProfileStateService,
             );
@@ -420,6 +412,7 @@ export class LoginStrategyService implements LoginStrategyServiceAbstraction {
               this.logService,
               this.stateService,
               this.twoFactorService,
+              this.userDecryptionOptionsService,
               this.billingAccountProfileStateService,
             );
         }
diff --git a/libs/auth/src/common/services/user-decryption-options/user-decryption-options.service.spec.ts b/libs/auth/src/common/services/user-decryption-options/user-decryption-options.service.spec.ts
new file mode 100644
index 0000000000..e8bb1b38ce
--- /dev/null
+++ b/libs/auth/src/common/services/user-decryption-options/user-decryption-options.service.spec.ts
@@ -0,0 +1,94 @@
+import { firstValueFrom } from "rxjs";
+
+import { AuthenticationStatus } from "@bitwarden/common/auth/enums/authentication-status";
+import { Utils } from "@bitwarden/common/platform/misc/utils";
+import {
+  FakeAccountService,
+  FakeStateProvider,
+  mockAccountServiceWith,
+} from "@bitwarden/common/spec";
+import { UserId } from "@bitwarden/common/types/guid";
+
+import {
+  USER_DECRYPTION_OPTIONS,
+  UserDecryptionOptionsService,
+} from "./user-decryption-options.service";
+
+describe("UserDecryptionOptionsService", () => {
+  let sut: UserDecryptionOptionsService;
+
+  const fakeUserId = Utils.newGuid() as UserId;
+  let fakeAccountService: FakeAccountService;
+  let fakeStateProvider: FakeStateProvider;
+
+  beforeEach(() => {
+    fakeAccountService = mockAccountServiceWith(fakeUserId);
+    fakeStateProvider = new FakeStateProvider(fakeAccountService);
+
+    sut = new UserDecryptionOptionsService(fakeStateProvider);
+  });
+
+  const userDecryptionOptions = {
+    hasMasterPassword: true,
+    trustedDeviceOption: {
+      hasAdminApproval: false,
+      hasLoginApprovingDevice: false,
+      hasManageResetPasswordPermission: true,
+    },
+    keyConnectorOption: {
+      keyConnectorUrl: "https://keyconnector.bitwarden.com",
+    },
+  };
+
+  describe("userDecryptionOptions$", () => {
+    it("should return the active user's decryption options", async () => {
+      await fakeStateProvider.setUserState(USER_DECRYPTION_OPTIONS, userDecryptionOptions);
+
+      const result = await firstValueFrom(sut.userDecryptionOptions$);
+
+      expect(result).toEqual(userDecryptionOptions);
+    });
+  });
+
+  describe("hasMasterPassword$", () => {
+    it("should return the hasMasterPassword property of the active user's decryption options", async () => {
+      await fakeStateProvider.setUserState(USER_DECRYPTION_OPTIONS, userDecryptionOptions);
+
+      const result = await firstValueFrom(sut.hasMasterPassword$);
+
+      expect(result).toBe(true);
+    });
+  });
+
+  describe("userDecryptionOptionsById$", () => {
+    it("should return the user decryption options for the given user", async () => {
+      const givenUser = Utils.newGuid() as UserId;
+      await fakeAccountService.addAccount(givenUser, {
+        name: "Test User 1",
+        email: "test1@email.com",
+        status: AuthenticationStatus.Locked,
+      });
+      await fakeStateProvider.setUserState(
+        USER_DECRYPTION_OPTIONS,
+        userDecryptionOptions,
+        givenUser,
+      );
+
+      const result = await firstValueFrom(sut.userDecryptionOptionsById$(givenUser));
+
+      expect(result).toEqual(userDecryptionOptions);
+    });
+  });
+
+  describe("setUserDecryptionOptions", () => {
+    it("should set the active user's decryption options", async () => {
+      await sut.setUserDecryptionOptions(userDecryptionOptions);
+
+      const result = await firstValueFrom(
+        fakeStateProvider.getActive(USER_DECRYPTION_OPTIONS).state$,
+      );
+
+      expect(result).toEqual(userDecryptionOptions);
+    });
+  });
+});
diff --git a/libs/auth/src/common/services/user-decryption-options/user-decryption-options.service.ts b/libs/auth/src/common/services/user-decryption-options/user-decryption-options.service.ts
new file mode 100644
index 0000000000..6651ffd9e5
--- /dev/null
+++ b/libs/auth/src/common/services/user-decryption-options/user-decryption-options.service.ts
@@ -0,0 +1,47 @@
+import { map } from "rxjs";
+
+import {
+  ActiveUserState,
+  StateProvider,
+  USER_DECRYPTION_OPTIONS_DISK,
+  UserKeyDefinition,
+} from "@bitwarden/common/platform/state";
+import { UserId } from "@bitwarden/common/src/types/guid";
+
+import { InternalUserDecryptionOptionsServiceAbstraction } from "../../abstractions/user-decryption-options.service.abstraction";
+import { UserDecryptionOptions } from "../../models";
+
+export const USER_DECRYPTION_OPTIONS = new UserKeyDefinition<UserDecryptionOptions>(
+  USER_DECRYPTION_OPTIONS_DISK,
+  "decryptionOptions",
+  {
+    deserializer: (decryptionOptions) => UserDecryptionOptions.fromJSON(decryptionOptions),
+    clearOn: ["logout"],
+  },
+);
+
+export class UserDecryptionOptionsService
+  implements InternalUserDecryptionOptionsServiceAbstraction
+{
+  private userDecryptionOptionsState: ActiveUserState<UserDecryptionOptions>;
+
+  userDecryptionOptions$;
+  hasMasterPassword$;
+
+  constructor(private stateProvider: StateProvider) {
+    this.userDecryptionOptionsState = this.stateProvider.getActive(USER_DECRYPTION_OPTIONS);
+
+    this.userDecryptionOptions$ = this.userDecryptionOptionsState.state$;
+    this.hasMasterPassword$ = this.userDecryptionOptions$.pipe(
+      map((options) => options?.hasMasterPassword ?? false),
+    );
+  }
+
+  userDecryptionOptionsById$(userId: UserId) {
+    return this.stateProvider.getUser(userId, USER_DECRYPTION_OPTIONS).state$;
+  }
+
+  async setUserDecryptionOptions(userDecryptionOptions: UserDecryptionOptions): Promise<void> {
+    await this.userDecryptionOptionsState.update((_) => userDecryptionOptions);
+  }
+}
diff --git a/libs/common/spec/fake-account-service.ts b/libs/common/spec/fake-account-service.ts
index 1364127f65..2f33d9cf02 100644
--- a/libs/common/spec/fake-account-service.ts
+++ b/libs/common/spec/fake-account-service.ts
@@ -70,6 +70,9 @@ export class FakeAccountService implements AccountService {
   }
 
   async switchAccount(userId: UserId): Promise<void> {
+    const next =
+      userId == null ? null : { id: userId, ...this.accountsSubject["_buffer"]?.[0]?.[userId] };
+    this.activeAccountSubject.next(next);
     await this.mock.switchAccount(userId);
   }
 }
diff --git a/libs/common/spec/matchers/to-almost-equal.spec.ts b/libs/common/spec/matchers/to-almost-equal.spec.ts
new file mode 100644
index 0000000000..5922545137
--- /dev/null
+++ b/libs/common/spec/matchers/to-almost-equal.spec.ts
@@ -0,0 +1,54 @@
+describe("toAlmostEqual custom matcher", () => {
+  it("matches identical Dates", () => {
+    const date = new Date();
+    expect(date).toAlmostEqual(date);
+  });
+
+  it("matches when older but within default ms", () => {
+    const date = new Date();
+    const olderDate = new Date(date.getTime() - 5);
+    expect(date).toAlmostEqual(olderDate);
+  });
+
+  it("matches when newer but within default ms", () => {
+    const date = new Date();
+    const olderDate = new Date(date.getTime() + 5);
+    expect(date).toAlmostEqual(olderDate);
+  });
+
+  it("doesn't match if older than default ms", () => {
+    const date = new Date();
+    const olderDate = new Date(date.getTime() - 11);
+    expect(date).not.toAlmostEqual(olderDate);
+  });
+
+  it("doesn't match if newer than default ms", () => {
+    const date = new Date();
+    const olderDate = new Date(date.getTime() + 11);
+    expect(date).not.toAlmostEqual(olderDate);
+  });
+
+  it("matches when older but within custom ms", () => {
+    const date = new Date();
+    const olderDate = new Date(date.getTime() - 15);
+    expect(date).toAlmostEqual(olderDate, 20);
+  });
+
+  it("matches when newer but within custom ms", () => {
+    const date = new Date();
+    const olderDate = new Date(date.getTime() + 15);
+    expect(date).toAlmostEqual(olderDate, 20);
+  });
+
+  it("doesn't match if older than custom ms", () => {
+    const date = new Date();
+    const olderDate = new Date(date.getTime() - 21);
+    expect(date).not.toAlmostEqual(olderDate, 20);
+  });
+
+  it("doesn't match if newer than custom ms", () => {
+    const date = new Date();
+    const olderDate = new Date(date.getTime() + 21);
+    expect(date).not.toAlmostEqual(olderDate, 20);
+  });
+});
diff --git a/libs/common/spec/matchers/to-almost-equal.ts b/libs/common/spec/matchers/to-almost-equal.ts
new file mode 100644
index 0000000000..ba5aacc9b3
--- /dev/null
+++ b/libs/common/spec/matchers/to-almost-equal.ts
@@ -0,0 +1,20 @@
+/**
+ * Matches the expected date within an optional ms precision
+ * @param received The received date
+ * @param expected The expected date
+ * @param msPrecision The optional precision in milliseconds
+ */
+export const toAlmostEqual: jest.CustomMatcher = function (
+  received: Date,
+  expected: Date,
+  msPrecision: number = 10,
+) {
+  const receivedTime = received.getTime();
+  const expectedTime = expected.getTime();
+  const difference = Math.abs(receivedTime - expectedTime);
+  return {
+    pass: difference <= msPrecision,
+    message: () =>
+      `expected ${received} to be within ${msPrecision}ms of ${expected} (actual difference: ${difference}ms)`,
+  };
+};
diff --git a/libs/common/spec/observable-tracker.ts b/libs/common/spec/observable-tracker.ts
new file mode 100644
index 0000000000..a6f3e6a879
--- /dev/null
+++ b/libs/common/spec/observable-tracker.ts
@@ -0,0 +1,86 @@
+import { Observable, Subscription, firstValueFrom, throwError, timeout } from "rxjs";
+
+/** Test class to enable async awaiting of observable emissions */
+export class ObservableTracker<T> {
+  private subscription: Subscription;
+  emissions: T[] = [];
+  constructor(private observable: Observable<T>) {
+    this.emissions = this.trackEmissions(observable);
+  }
+
+  /** Unsubscribes from the observable */
+  unsubscribe() {
+    this.subscription.unsubscribe();
+  }
+
+  /**
+   * Awaits the next emission from the observable, or throws if the timeout is exceeded
+   * @param msTimeout The maximum time to wait for another emission before throwing
+   */
+  async expectEmission(msTimeout = 50) {
+    await firstValueFrom(
+      this.observable.pipe(
+        timeout({
+          first: msTimeout,
+          with: () => throwError(() => new Error("Timeout exceeded waiting for another emission.")),
+        }),
+      ),
+    );
+  }
+
+  /** Awaits until the the total number of emissions observed by this tracker equals or exceeds {@link count}
+   * @param count The number of emissions to wait for
+   */
+  async pauseUntilReceived(count: number, msTimeout = 50): Promise<T[]> {
+    for (let i = 0; i < count - this.emissions.length; i++) {
+      await this.expectEmission(msTimeout);
+    }
+    return this.emissions;
+  }
+
+  private trackEmissions<T>(observable: Observable<T>): T[] {
+    const emissions: T[] = [];
+    this.subscription = observable.subscribe((value) => {
+      switch (value) {
+        case undefined:
+        case null:
+          emissions.push(value);
+          return;
+        default:
+          // process by type
+          break;
+      }
+
+      switch (typeof value) {
+        case "string":
+        case "number":
+        case "boolean":
+          emissions.push(value);
+          break;
+        case "symbol":
+          // Cheating types to make symbols work at all
+          emissions.push(value.toString() as T);
+          break;
+        default: {
+          emissions.push(clone(value));
+        }
+      }
+    });
+    return emissions;
+  }
+}
+function clone(value: any): any {
+  if (global.structuredClone != undefined) {
+    return structuredClone(value);
+  } else {
+    return JSON.parse(JSON.stringify(value));
+  }
+}
+
+/** A test helper that builds an @see{@link ObservableTracker}, which can be used to assert things about the
+ * emissions of the given observable
+ * @param observable The observable to track
+ */
+export function subscribeTo<T>(observable: Observable<T>) {
+  return new ObservableTracker(observable);
+}
diff --git a/libs/common/src/abstractions/api.service.ts b/libs/common/src/abstractions/api.service.ts
index 2ef6b327d3..20ed3216a5 100644
--- a/libs/common/src/abstractions/api.service.ts
+++ b/libs/common/src/abstractions/api.service.ts
@@ -170,7 +170,6 @@ export abstract class ApiService {
   postRegister: (request: RegisterRequest) => Promise<RegisterResponse>;
   postPremium: (data: FormData) => Promise<PaymentResponse>;
   postReinstatePremium: () => Promise<any>;
-  postCancelPremium: () => Promise<any>;
   postAccountStorage: (request: StorageRequest) => Promise<PaymentResponse>;
   postAccountPayment: (request: PaymentRequest) => Promise<void>;
   postAccountLicense: (data: FormData) => Promise<any>;
diff --git a/libs/common/src/admin-console/abstractions/organization/organization-api.service.abstraction.ts b/libs/common/src/admin-console/abstractions/organization/organization-api.service.abstraction.ts
index ddf2fc5c01..7f1a40d140 100644
--- a/libs/common/src/admin-console/abstractions/organization/organization-api.service.abstraction.ts
+++ b/libs/common/src/admin-console/abstractions/organization/organization-api.service.abstraction.ts
@@ -51,7 +51,6 @@ export class OrganizationApiServiceAbstraction {
   updateSeats: (id: string, request: SeatRequest) => Promise<PaymentResponse>;
   updateStorage: (id: string, request: StorageRequest) => Promise<PaymentResponse>;
   verifyBank: (id: string, request: VerifyBankRequest) => Promise<void>;
-  cancel: (id: string) => Promise<void>;
   reinstate: (id: string) => Promise<void>;
   leave: (id: string) => Promise<void>;
   delete: (id: string, request: SecretVerificationRequest) => Promise<void>;
diff --git a/libs/common/src/admin-console/services/organization/organization-api.service.ts b/libs/common/src/admin-console/services/organization/organization-api.service.ts
index 4e482112a8..883bf35260 100644
--- a/libs/common/src/admin-console/services/organization/organization-api.service.ts
+++ b/libs/common/src/admin-console/services/organization/organization-api.service.ts
@@ -184,10 +184,6 @@ export class OrganizationApiService implements OrganizationApiServiceAbstraction
     );
   }
 
-  async cancel(id: string): Promise<void> {
-    return this.apiService.send("POST", "/organizations/" + id + "/cancel", null, true, false);
-  }
-
   async reinstate(id: string): Promise<void> {
     return this.apiService.send("POST", "/organizations/" + id + "/reinstate", null, true, false);
   }
diff --git a/libs/common/src/auth/abstractions/anonymous-hub.service.ts b/libs/common/src/auth/abstractions/anonymous-hub.service.ts
index 43bdabd512..e108dccbb6 100644
--- a/libs/common/src/auth/abstractions/anonymous-hub.service.ts
+++ b/libs/common/src/auth/abstractions/anonymous-hub.service.ts
@@ -1,4 +1,4 @@
 export abstract class AnonymousHubService {
-  createHubConnection: (token: string) => void;
-  stopHubConnection: () => void;
+  createHubConnection: (token: string) => Promise<void>;
+  stopHubConnection: () => Promise<void>;
 }
diff --git a/libs/common/src/auth/abstractions/auth.service.ts b/libs/common/src/auth/abstractions/auth.service.ts
index dc51e2fdb0..de08dbd4e9 100644
--- a/libs/common/src/auth/abstractions/auth.service.ts
+++ b/libs/common/src/auth/abstractions/auth.service.ts
@@ -1,6 +1,18 @@
+import { Observable } from "rxjs";
+
+import { UserId } from "../../types/guid";
 import { AuthenticationStatus } from "../enums/authentication-status";
 
 export abstract class AuthService {
-  getAuthStatus: (userId?: string) => Promise<AuthenticationStatus>;
-  logOut: (callback: () => void) => void;
+  /** Authentication status for the active user */
+  abstract activeAccountStatus$: Observable<AuthenticationStatus>;
+  /**
+   * Returns an observable authentication status for the given user id.
+   * @note userId is a required parameter, null values will always return `AuthenticationStatus.LoggedOut`
+   * @param userId The user id to check for an access token.
+   */
+  abstract authStatusFor$(userId: UserId): Observable<AuthenticationStatus>;
+  /** @deprecated use {@link activeAccountStatus$} instead */
+  abstract getAuthStatus: (userId?: string) => Promise<AuthenticationStatus>;
+  abstract logOut: (callback: () => void) => void;
 }
diff --git a/libs/common/src/auth/abstractions/avatar.service.ts b/libs/common/src/auth/abstractions/avatar.service.ts
index 1192ef745d..7da92ac7fd 100644
--- a/libs/common/src/auth/abstractions/avatar.service.ts
+++ b/libs/common/src/auth/abstractions/avatar.service.ts
@@ -15,6 +15,17 @@ export abstract class AvatarService {
    * @returns a promise that resolves when the avatar color is set
    */
   abstract setAvatarColor(color: string): Promise<void>;
+  /**
+   * Sets the avatar color for the given user, meant to be used via sync.
+   *
+   * @remarks This is meant to be used for getting an updated avatar color from
+   *          the sync endpoint. If the user is changing their avatar color
+   *          on device, you should instead call {@link setAvatarColor}.
+   *
+   * @param userId The user id for the user to set the avatar color for
+   * @param color The color to set the avatar color to
+   */
+  abstract setSyncAvatarColor(userId: UserId, color: string): Promise<void>;
   /**
    * Gets the avatar color of the specified user.
    *
diff --git a/libs/common/src/auth/abstractions/device-trust-crypto.service.abstraction.ts b/libs/common/src/auth/abstractions/device-trust-crypto.service.abstraction.ts
index 5f37e7d956..53fe214035 100644
--- a/libs/common/src/auth/abstractions/device-trust-crypto.service.abstraction.ts
+++ b/libs/common/src/auth/abstractions/device-trust-crypto.service.abstraction.ts
@@ -1,25 +1,34 @@
+import { Observable } from "rxjs";
+
 import { EncString } from "../../platform/models/domain/enc-string";
+import { UserId } from "../../types/guid";
 import { DeviceKey, UserKey } from "../../types/key";
 import { DeviceResponse } from "../abstractions/devices/responses/device.response";
 
 export abstract class DeviceTrustCryptoServiceAbstraction {
+  supportsDeviceTrust$: Observable<boolean>;
   /**
    * @description Retrieves the users choice to trust the device which can only happen after decryption
    * Note: this value should only be used once and then reset
    */
-  getShouldTrustDevice: () => Promise<boolean | null>;
-  setShouldTrustDevice: (value: boolean) => Promise<void>;
+  getShouldTrustDevice: (userId: UserId) => Promise<boolean | null>;
+  setShouldTrustDevice: (userId: UserId, value: boolean) => Promise<void>;
 
-  trustDeviceIfRequired: () => Promise<void>;
+  trustDeviceIfRequired: (userId: UserId) => Promise<void>;
 
-  trustDevice: () => Promise<DeviceResponse>;
-  getDeviceKey: () => Promise<DeviceKey>;
+  trustDevice: (userId: UserId) => Promise<DeviceResponse>;
+
+  /** Retrieves the device key if it exists from state or secure storage if supported for the active user. */
+  getDeviceKey: (userId: UserId) => Promise<DeviceKey | null>;
   decryptUserKeyWithDeviceKey: (
+    userId: UserId,
     encryptedDevicePrivateKey: EncString,
     encryptedUserKey: EncString,
-    deviceKey?: DeviceKey,
+    deviceKey: DeviceKey,
   ) => Promise<UserKey | null>;
-  rotateDevicesTrust: (newUserKey: UserKey, masterPasswordHash: string) => Promise<void>;
-
-  supportsDeviceTrust: () => Promise<boolean>;
+  rotateDevicesTrust: (
+    userId: UserId,
+    newUserKey: UserKey,
+    masterPasswordHash: string,
+  ) => Promise<void>;
 }
diff --git a/libs/common/src/auth/abstractions/key-connector.service.ts b/libs/common/src/auth/abstractions/key-connector.service.ts
index b7c8d5d0d0..36f413d70c 100644
--- a/libs/common/src/auth/abstractions/key-connector.service.ts
+++ b/libs/common/src/auth/abstractions/key-connector.service.ts
@@ -15,5 +15,4 @@ export abstract class KeyConnectorService {
   setConvertAccountRequired: (status: boolean) => Promise<void>;
   getConvertAccountRequired: () => Promise<boolean>;
   removeConvertAccountRequired: () => Promise<void>;
-  clear: () => Promise<void>;
 }
diff --git a/libs/common/src/auth/abstractions/login.service.ts b/libs/common/src/auth/abstractions/login.service.ts
deleted file mode 100644
index 9a884fd5d1..0000000000
--- a/libs/common/src/auth/abstractions/login.service.ts
+++ /dev/null
@@ -1,8 +0,0 @@
-export abstract class LoginService {
-  getEmail: () => string;
-  getRememberEmail: () => boolean;
-  setEmail: (value: string) => void;
-  setRememberEmail: (value: boolean) => void;
-  clearValues: () => void;
-  saveEmailSettings: () => Promise<void>;
-}
diff --git a/libs/common/src/auth/abstractions/token.service.ts b/libs/common/src/auth/abstractions/token.service.ts
index d2358314d7..75bb383882 100644
--- a/libs/common/src/auth/abstractions/token.service.ts
+++ b/libs/common/src/auth/abstractions/token.service.ts
@@ -1,8 +1,15 @@
+import { Observable } from "rxjs";
+
 import { VaultTimeoutAction } from "../../enums/vault-timeout-action.enum";
 import { UserId } from "../../types/guid";
 import { DecodedAccessToken } from "../services/token.service";
 
 export abstract class TokenService {
+  /**
+   * Returns an observable that emits a boolean indicating whether the user has an access token.
+   * @param userId The user id to check for an access token.
+   */
+  abstract hasAccessToken$(userId: UserId): Observable<boolean>;
   /**
    * Sets the access token, refresh token, API Key Client ID, and API Key Client Secret in memory or disk
    * based on the given vaultTimeoutAction and vaultTimeout and the derived access token user id.
@@ -10,17 +17,18 @@ export abstract class TokenService {
    * Note 2: this method also enforces always setting the access token and the refresh token together as
    * we can retrieve the user id required to set the refresh token from the access token for efficiency.
    * @param accessToken The access token to set.
-   * @param refreshToken The refresh token to set.
-   * @param clientIdClientSecret The API Key Client ID and Client Secret to set.
    * @param vaultTimeoutAction The action to take when the vault times out.
    * @param vaultTimeout The timeout for the vault.
+   * @param refreshToken The optional refresh token to set. Note: this is undefined when using the CLI Login Via API Key flow
+   * @param clientIdClientSecret The API Key Client ID and Client Secret to set.
+   *
    * @returns A promise that resolves when the tokens have been set.
    */
   setTokens: (
     accessToken: string,
-    refreshToken: string,
     vaultTimeoutAction: VaultTimeoutAction,
     vaultTimeout: number | null,
+    refreshToken?: string,
     clientIdClientSecret?: [string, string],
   ) => Promise<void>;
 
diff --git a/libs/common/src/auth/models/domain/auth-result.ts b/libs/common/src/auth/models/domain/auth-result.ts
index 16f58c6459..993ce08d58 100644
--- a/libs/common/src/auth/models/domain/auth-result.ts
+++ b/libs/common/src/auth/models/domain/auth-result.ts
@@ -8,7 +8,7 @@ export class AuthResult {
   // TODO: PM-3287 - Remove this after 3 releases of backwards compatibility. - Target release 2023.12 for removal
   /**
    * @deprecated
-   * Replace with using AccountDecryptionOptions to determine if the user does
+   * Replace with using UserDecryptionOptions to determine if the user does
    * not have a master password and is not using Key Connector.
    * */
   resetMasterPassword = false;
diff --git a/libs/common/src/auth/models/domain/environment-urls.ts b/libs/common/src/auth/models/domain/environment-urls.ts
deleted file mode 100644
index c78768bdc2..0000000000
--- a/libs/common/src/auth/models/domain/environment-urls.ts
+++ /dev/null
@@ -1,16 +0,0 @@
-import { Jsonify } from "type-fest";
-
-export class EnvironmentUrls {
-  base: string = null;
-  api: string = null;
-  identity: string = null;
-  icons: string = null;
-  notifications: string = null;
-  events: string = null;
-  webVault: string = null;
-  keyConnector: string = null;
-
-  static fromJSON(obj: Jsonify<EnvironmentUrls>): EnvironmentUrls {
-    return Object.assign(new EnvironmentUrls(), obj);
-  }
-}
diff --git a/libs/common/src/auth/models/domain/user-decryption-options/key-connector-user-decryption-option.ts b/libs/common/src/auth/models/domain/user-decryption-options/key-connector-user-decryption-option.ts
deleted file mode 100644
index 3422c078e4..0000000000
--- a/libs/common/src/auth/models/domain/user-decryption-options/key-connector-user-decryption-option.ts
+++ /dev/null
@@ -1,3 +0,0 @@
-export class KeyConnectorUserDecryptionOption {
-  constructor(public keyConnectorUrl: string) {}
-}
diff --git a/libs/common/src/auth/models/domain/user-decryption-options/trusted-device-user-decryption-option.ts b/libs/common/src/auth/models/domain/user-decryption-options/trusted-device-user-decryption-option.ts
deleted file mode 100644
index 6d2dc9d633..0000000000
--- a/libs/common/src/auth/models/domain/user-decryption-options/trusted-device-user-decryption-option.ts
+++ /dev/null
@@ -1,7 +0,0 @@
-export class TrustedDeviceUserDecryptionOption {
-  constructor(
-    public hasAdminApproval: boolean,
-    public hasLoginApprovingDevice: boolean,
-    public hasManageResetPasswordPermission: boolean,
-  ) {}
-}
diff --git a/libs/common/src/auth/services/anonymous-hub.service.ts b/libs/common/src/auth/services/anonymous-hub.service.ts
index 3abe42a5f5..747fbc3917 100644
--- a/libs/common/src/auth/services/anonymous-hub.service.ts
+++ b/libs/common/src/auth/services/anonymous-hub.service.ts
@@ -5,14 +5,15 @@ import {
   IHubProtocol,
 } from "@microsoft/signalr";
 import { MessagePackHubProtocol } from "@microsoft/signalr-protocol-msgpack";
+import { firstValueFrom } from "rxjs";
 
-import { LoginStrategyServiceAbstraction } from "../../../../auth/src/common/abstractions/login-strategy.service";
+import { AuthRequestServiceAbstraction } from "../../../../auth/src/common/abstractions";
+import { NotificationType } from "../../enums";
 import {
   AuthRequestPushNotification,
   NotificationResponse,
 } from "../../models/response/notification.response";
 import { EnvironmentService } from "../../platform/abstractions/environment.service";
-import { LogService } from "../../platform/abstractions/log.service";
 import { AnonymousHubService as AnonymousHubServiceAbstraction } from "../abstractions/anonymous-hub.service";
 
 export class AnonymousHubService implements AnonymousHubServiceAbstraction {
@@ -21,12 +22,11 @@ export class AnonymousHubService implements AnonymousHubServiceAbstraction {
 
   constructor(
     private environmentService: EnvironmentService,
-    private loginStrategyService: LoginStrategyServiceAbstraction,
-    private logService: LogService,
+    private authRequestService: AuthRequestServiceAbstraction,
   ) {}
 
   async createHubConnection(token: string) {
-    this.url = this.environmentService.getNotificationsUrl();
+    this.url = (await firstValueFrom(this.environmentService.environment$)).getNotificationsUrl();
 
     this.anonHubConnection = new HubConnectionBuilder()
       .withUrl(this.url + "/anonymous-hub?Token=" + token, {
@@ -36,26 +36,25 @@ export class AnonymousHubService implements AnonymousHubServiceAbstraction {
       .withHubProtocol(new MessagePackHubProtocol() as IHubProtocol)
       .build();
 
-    this.anonHubConnection.start().catch((error) => this.logService.error(error));
+    await this.anonHubConnection.start();
 
     this.anonHubConnection.on("AuthRequestResponseRecieved", (data: any) => {
-      // FIXME: Verify that this floating promise is intentional. If it is, add an explanatory comment and ensure there is proper error handling.
-      // eslint-disable-next-line @typescript-eslint/no-floating-promises
       this.ProcessNotification(new NotificationResponse(data));
     });
   }
 
-  stopHubConnection() {
+  async stopHubConnection() {
     if (this.anonHubConnection) {
-      // FIXME: Verify that this floating promise is intentional. If it is, add an explanatory comment and ensure there is proper error handling.
-      // eslint-disable-next-line @typescript-eslint/no-floating-promises
-      this.anonHubConnection.stop();
+      await this.anonHubConnection.stop();
     }
   }
 
-  private async ProcessNotification(notification: NotificationResponse) {
-    await this.loginStrategyService.sendAuthRequestPushNotification(
-      notification.payload as AuthRequestPushNotification,
-    );
+  private ProcessNotification(notification: NotificationResponse) {
+    switch (notification.type) {
+      case NotificationType.AuthRequestResponse:
+        this.authRequestService.sendAuthRequestPushNotification(
+          notification.payload as AuthRequestPushNotification,
+        );
+    }
   }
 }
diff --git a/libs/common/src/auth/services/auth.service.spec.ts b/libs/common/src/auth/services/auth.service.spec.ts
new file mode 100644
index 0000000000..07e38def4b
--- /dev/null
+++ b/libs/common/src/auth/services/auth.service.spec.ts
@@ -0,0 +1,161 @@
+import { MockProxy, mock } from "jest-mock-extended";
+import { firstValueFrom, of } from "rxjs";
+
+import {
+  FakeAccountService,
+  makeStaticByteArray,
+  mockAccountServiceWith,
+  trackEmissions,
+} from "../../../spec";
+import { ApiService } from "../../abstractions/api.service";
+import { CryptoService } from "../../platform/abstractions/crypto.service";
+import { MessagingService } from "../../platform/abstractions/messaging.service";
+import { StateService } from "../../platform/abstractions/state.service";
+import { Utils } from "../../platform/misc/utils";
+import { SymmetricCryptoKey } from "../../platform/models/domain/symmetric-crypto-key";
+import { UserId } from "../../types/guid";
+import { UserKey } from "../../types/key";
+import { TokenService } from "../abstractions/token.service";
+import { AuthenticationStatus } from "../enums/authentication-status";
+
+import { AuthService } from "./auth.service";
+
+describe("AuthService", () => {
+  let sut: AuthService;
+
+  let accountService: FakeAccountService;
+  let messagingService: MockProxy<MessagingService>;
+  let cryptoService: MockProxy<CryptoService>;
+  let apiService: MockProxy<ApiService>;
+  let stateService: MockProxy<StateService>;
+  let tokenService: MockProxy<TokenService>;
+
+  const userId = Utils.newGuid() as UserId;
+  const userKey = new SymmetricCryptoKey(makeStaticByteArray(32) as Uint8Array) as UserKey;
+
+  beforeEach(() => {
+    accountService = mockAccountServiceWith(userId);
+    messagingService = mock();
+    cryptoService = mock();
+    apiService = mock();
+    stateService = mock();
+    tokenService = mock();
+
+    sut = new AuthService(
+      accountService,
+      messagingService,
+      cryptoService,
+      apiService,
+      stateService,
+      tokenService,
+    );
+  });
+
+  describe("activeAccountStatus$", () => {
+    const accountInfo = {
+      status: AuthenticationStatus.Unlocked,
+      id: userId,
+      email: "email",
+      name: "name",
+    };
+
+    beforeEach(() => {
+      accountService.activeAccountSubject.next(accountInfo);
+      tokenService.hasAccessToken$.mockReturnValue(of(true));
+      cryptoService.getInMemoryUserKeyFor$.mockReturnValue(of(undefined));
+    });
+
+    it("emits LoggedOut when there is no active account", async () => {
+      accountService.activeAccountSubject.next(undefined);
+
+      expect(await firstValueFrom(sut.activeAccountStatus$)).toEqual(
+        AuthenticationStatus.LoggedOut,
+      );
+    });
+
+    it("emits LoggedOut when there is no access token", async () => {
+      tokenService.hasAccessToken$.mockReturnValue(of(false));
+
+      expect(await firstValueFrom(sut.activeAccountStatus$)).toEqual(
+        AuthenticationStatus.LoggedOut,
+      );
+    });
+
+    it("emits LoggedOut when there is no access token but has a user key", async () => {
+      tokenService.hasAccessToken$.mockReturnValue(of(false));
+      cryptoService.getInMemoryUserKeyFor$.mockReturnValue(of(userKey));
+
+      expect(await firstValueFrom(sut.activeAccountStatus$)).toEqual(
+        AuthenticationStatus.LoggedOut,
+      );
+    });
+
+    it("emits Locked when there is an access token and no user key", async () => {
+      tokenService.hasAccessToken$.mockReturnValue(of(true));
+      cryptoService.getInMemoryUserKeyFor$.mockReturnValue(of(undefined));
+
+      expect(await firstValueFrom(sut.activeAccountStatus$)).toEqual(AuthenticationStatus.Locked);
+    });
+
+    it("emits Unlocked when there is an access token and user key", async () => {
+      tokenService.hasAccessToken$.mockReturnValue(of(true));
+      cryptoService.getInMemoryUserKeyFor$.mockReturnValue(of(userKey));
+
+      expect(await firstValueFrom(sut.activeAccountStatus$)).toEqual(AuthenticationStatus.Unlocked);
+    });
+
+    it("follows the current active user", async () => {
+      const accountInfo2 = {
+        status: AuthenticationStatus.Unlocked,
+        id: Utils.newGuid() as UserId,
+        email: "email2",
+        name: "name2",
+      };
+
+      const emissions = trackEmissions(sut.activeAccountStatus$);
+
+      tokenService.hasAccessToken$.mockReturnValue(of(true));
+      cryptoService.getInMemoryUserKeyFor$.mockReturnValue(of(userKey));
+      accountService.activeAccountSubject.next(accountInfo2);
+
+      expect(emissions).toEqual([AuthenticationStatus.Locked, AuthenticationStatus.Unlocked]);
+    });
+  });
+
+  describe("authStatusFor$", () => {
+    beforeEach(() => {
+      tokenService.hasAccessToken$.mockReturnValue(of(true));
+      cryptoService.getInMemoryUserKeyFor$.mockReturnValue(of(undefined));
+    });
+
+    it("emits LoggedOut when userId is null", async () => {
+      expect(await firstValueFrom(sut.authStatusFor$(null))).toEqual(
+        AuthenticationStatus.LoggedOut,
+      );
+    });
+
+    it("emits LoggedOut when there is no access token", async () => {
+      tokenService.hasAccessToken$.mockReturnValue(of(false));
+
+      expect(await firstValueFrom(sut.authStatusFor$(userId))).toEqual(
+        AuthenticationStatus.LoggedOut,
+      );
+    });
+
+    it("emits Locked when there is an access token and no user key", async () => {
+      tokenService.hasAccessToken$.mockReturnValue(of(true));
+      cryptoService.getInMemoryUserKeyFor$.mockReturnValue(of(undefined));
+
+      expect(await firstValueFrom(sut.authStatusFor$(userId))).toEqual(AuthenticationStatus.Locked);
+    });
+
+    it("emits Unlocked when there is an access token and user key", async () => {
+      tokenService.hasAccessToken$.mockReturnValue(of(true));
+      cryptoService.getInMemoryUserKeyFor$.mockReturnValue(of(userKey));
+
+      expect(await firstValueFrom(sut.authStatusFor$(userId))).toEqual(
+        AuthenticationStatus.Unlocked,
+      );
+    });
+  });
+});
diff --git a/libs/common/src/auth/services/auth.service.ts b/libs/common/src/auth/services/auth.service.ts
index 14d49956a4..de5eb66c06 100644
--- a/libs/common/src/auth/services/auth.service.ts
+++ b/libs/common/src/auth/services/auth.service.ts
@@ -1,18 +1,67 @@
+import {
+  Observable,
+  combineLatest,
+  distinctUntilChanged,
+  map,
+  of,
+  shareReplay,
+  switchMap,
+} from "rxjs";
+
 import { ApiService } from "../../abstractions/api.service";
 import { CryptoService } from "../../platform/abstractions/crypto.service";
 import { MessagingService } from "../../platform/abstractions/messaging.service";
 import { StateService } from "../../platform/abstractions/state.service";
 import { KeySuffixOptions } from "../../platform/enums";
+import { UserId } from "../../types/guid";
+import { AccountService } from "../abstractions/account.service";
 import { AuthService as AuthServiceAbstraction } from "../abstractions/auth.service";
+import { TokenService } from "../abstractions/token.service";
 import { AuthenticationStatus } from "../enums/authentication-status";
 
 export class AuthService implements AuthServiceAbstraction {
+  activeAccountStatus$: Observable<AuthenticationStatus>;
+
   constructor(
+    protected accountService: AccountService,
     protected messagingService: MessagingService,
     protected cryptoService: CryptoService,
     protected apiService: ApiService,
     protected stateService: StateService,
-  ) {}
+    private tokenService: TokenService,
+  ) {
+    this.activeAccountStatus$ = this.accountService.activeAccount$.pipe(
+      map((account) => account?.id),
+      switchMap((userId) => {
+        return this.authStatusFor$(userId);
+      }),
+    );
+  }
+
+  authStatusFor$(userId: UserId): Observable<AuthenticationStatus> {
+    if (userId == null) {
+      return of(AuthenticationStatus.LoggedOut);
+    }
+
+    return combineLatest([
+      this.cryptoService.getInMemoryUserKeyFor$(userId),
+      this.tokenService.hasAccessToken$(userId),
+    ]).pipe(
+      map(([userKey, hasAccessToken]) => {
+        if (!hasAccessToken) {
+          return AuthenticationStatus.LoggedOut;
+        }
+
+        if (!userKey) {
+          return AuthenticationStatus.Locked;
+        }
+
+        return AuthenticationStatus.Unlocked;
+      }),
+      distinctUntilChanged(),
+      shareReplay({ bufferSize: 1, refCount: false }),
+    );
+  }
 
   async getAuthStatus(userId?: string): Promise<AuthenticationStatus> {
     // If we don't have an access token or userId, we're logged out
diff --git a/libs/common/src/auth/services/avatar.service.ts b/libs/common/src/auth/services/avatar.service.ts
index b770dc39b9..9b8c83968d 100644
--- a/libs/common/src/auth/services/avatar.service.ts
+++ b/libs/common/src/auth/services/avatar.service.ts
@@ -27,6 +27,10 @@ export class AvatarService implements AvatarServiceAbstraction {
     await this.stateProvider.setUserState(AVATAR_COLOR, avatarColor);
   }
 
+  async setSyncAvatarColor(userId: UserId, color: string): Promise<void> {
+    await this.stateProvider.getUser(userId, AVATAR_COLOR).update(() => color);
+  }
+
   getUserAvatarColor$(userId: UserId): Observable<string | null> {
     return this.stateProvider.getUser(userId, AVATAR_COLOR).state$;
   }
diff --git a/libs/common/src/auth/services/device-trust-crypto.service.implementation.ts b/libs/common/src/auth/services/device-trust-crypto.service.implementation.ts
index 9aa558ba53..e65c5cd499 100644
--- a/libs/common/src/auth/services/device-trust-crypto.service.implementation.ts
+++ b/libs/common/src/auth/services/device-trust-crypto.service.implementation.ts
@@ -1,4 +1,6 @@
-import { firstValueFrom } from "rxjs";
+import { firstValueFrom, map, Observable } from "rxjs";
+
+import { UserDecryptionOptionsServiceAbstraction } from "@bitwarden/auth/common";
 
 import { AppIdService } from "../../platform/abstractions/app-id.service";
 import { CryptoFunctionService } from "../../platform/abstractions/crypto-function.service";
@@ -7,9 +9,13 @@ import { EncryptService } from "../../platform/abstractions/encrypt.service";
 import { I18nService } from "../../platform/abstractions/i18n.service";
 import { KeyGenerationService } from "../../platform/abstractions/key-generation.service";
 import { PlatformUtilsService } from "../../platform/abstractions/platform-utils.service";
-import { StateService } from "../../platform/abstractions/state.service";
+import { AbstractStorageService } from "../../platform/abstractions/storage.service";
+import { StorageLocation } from "../../platform/enums";
 import { EncString } from "../../platform/models/domain/enc-string";
+import { StorageOptions } from "../../platform/models/domain/storage-options";
 import { SymmetricCryptoKey } from "../../platform/models/domain/symmetric-crypto-key";
+import { DEVICE_TRUST_DISK_LOCAL, KeyDefinition, StateProvider } from "../../platform/state";
+import { UserId } from "../../types/guid";
 import { UserKey, DeviceKey } from "../../types/key";
 import { DeviceTrustCryptoServiceAbstraction } from "../abstractions/device-trust-crypto.service.abstraction";
 import { DeviceResponse } from "../abstractions/devices/responses/device.response";
@@ -20,41 +26,87 @@ import {
   UpdateDevicesTrustRequest,
 } from "../models/request/update-devices-trust.request";
 
+/** Uses disk storage so that the device key can persist after log out and tab removal. */
+export const DEVICE_KEY = new KeyDefinition<DeviceKey>(DEVICE_TRUST_DISK_LOCAL, "deviceKey", {
+  deserializer: (deviceKey) => SymmetricCryptoKey.fromJSON(deviceKey) as DeviceKey,
+});
+
+/** Uses disk storage so that the shouldTrustDevice bool can persist across login. */
+export const SHOULD_TRUST_DEVICE = new KeyDefinition<boolean>(
+  DEVICE_TRUST_DISK_LOCAL,
+  "shouldTrustDevice",
+  {
+    deserializer: (shouldTrustDevice) => shouldTrustDevice,
+  },
+);
+
 export class DeviceTrustCryptoService implements DeviceTrustCryptoServiceAbstraction {
+  private readonly platformSupportsSecureStorage =
+    this.platformUtilsService.supportsSecureStorage();
+  private readonly deviceKeySecureStorageKey: string = "_deviceKey";
+
+  supportsDeviceTrust$: Observable<boolean>;
+
   constructor(
     private keyGenerationService: KeyGenerationService,
     private cryptoFunctionService: CryptoFunctionService,
     private cryptoService: CryptoService,
     private encryptService: EncryptService,
-    private stateService: StateService,
     private appIdService: AppIdService,
     private devicesApiService: DevicesApiServiceAbstraction,
     private i18nService: I18nService,
     private platformUtilsService: PlatformUtilsService,
-  ) {}
+    private stateProvider: StateProvider,
+    private secureStorageService: AbstractStorageService,
+    private userDecryptionOptionsService: UserDecryptionOptionsServiceAbstraction,
+  ) {
+    this.supportsDeviceTrust$ = this.userDecryptionOptionsService.userDecryptionOptions$.pipe(
+      map((options) => options?.trustedDeviceOption != null ?? false),
+    );
+  }
 
   /**
    * @description Retrieves the users choice to trust the device which can only happen after decryption
    * Note: this value should only be used once and then reset
    */
-  async getShouldTrustDevice(): Promise<boolean> {
-    return await this.stateService.getShouldTrustDevice();
+  async getShouldTrustDevice(userId: UserId): Promise<boolean> {
+    if (!userId) {
+      throw new Error("UserId is required. Cannot get should trust device.");
+    }
+
+    const shouldTrustDevice = await firstValueFrom(
+      this.stateProvider.getUserState$(SHOULD_TRUST_DEVICE, userId),
+    );
+
+    return shouldTrustDevice;
   }
 
-  async setShouldTrustDevice(value: boolean): Promise<void> {
-    await this.stateService.setShouldTrustDevice(value);
+  async setShouldTrustDevice(userId: UserId, value: boolean): Promise<void> {
+    if (!userId) {
+      throw new Error("UserId is required. Cannot set should trust device.");
+    }
+
+    await this.stateProvider.setUserState(SHOULD_TRUST_DEVICE, value, userId);
   }
 
-  async trustDeviceIfRequired(): Promise<void> {
-    const shouldTrustDevice = await this.getShouldTrustDevice();
+  async trustDeviceIfRequired(userId: UserId): Promise<void> {
+    if (!userId) {
+      throw new Error("UserId is required. Cannot trust device if required.");
+    }
+
+    const shouldTrustDevice = await this.getShouldTrustDevice(userId);
     if (shouldTrustDevice) {
-      await this.trustDevice();
+      await this.trustDevice(userId);
       // reset the trust choice
-      await this.setShouldTrustDevice(false);
+      await this.setShouldTrustDevice(userId, false);
     }
   }
 
-  async trustDevice(): Promise<DeviceResponse> {
+  async trustDevice(userId: UserId): Promise<DeviceResponse> {
+    if (!userId) {
+      throw new Error("UserId is required. Cannot trust device.");
+    }
+
     // Attempt to get user key
     const userKey: UserKey = await this.cryptoService.getUserKey();
 
@@ -95,15 +147,23 @@ export class DeviceTrustCryptoService implements DeviceTrustCryptoServiceAbstrac
     );
 
     // store device key in local/secure storage if enc keys posted to server successfully
-    await this.setDeviceKey(deviceKey);
+    await this.setDeviceKey(userId, deviceKey);
 
     this.platformUtilsService.showToast("success", null, this.i18nService.t("deviceTrusted"));
 
     return deviceResponse;
   }
 
-  async rotateDevicesTrust(newUserKey: UserKey, masterPasswordHash: string): Promise<void> {
-    const currentDeviceKey = await this.getDeviceKey();
+  async rotateDevicesTrust(
+    userId: UserId,
+    newUserKey: UserKey,
+    masterPasswordHash: string,
+  ): Promise<void> {
+    if (!userId) {
+      throw new Error("UserId is required. Cannot rotate device's trust.");
+    }
+
+    const currentDeviceKey = await this.getDeviceKey(userId);
     if (currentDeviceKey == null) {
       // If the current device doesn't have a device key available to it, then we can't
       // rotate any trust at all, so early return.
@@ -156,26 +216,59 @@ export class DeviceTrustCryptoService implements DeviceTrustCryptoServiceAbstrac
     await this.devicesApiService.updateTrust(trustRequest, deviceIdentifier);
   }
 
-  async getDeviceKey(): Promise<DeviceKey> {
-    return await this.stateService.getDeviceKey();
+  async getDeviceKey(userId: UserId): Promise<DeviceKey | null> {
+    if (!userId) {
+      throw new Error("UserId is required. Cannot get device key.");
+    }
+
+    if (this.platformSupportsSecureStorage) {
+      const deviceKeyB64 = await this.secureStorageService.get<
+        ReturnType<SymmetricCryptoKey["toJSON"]>
+      >(`${userId}${this.deviceKeySecureStorageKey}`, this.getSecureStorageOptions(userId));
+
+      const deviceKey = SymmetricCryptoKey.fromJSON(deviceKeyB64) as DeviceKey;
+
+      return deviceKey;
+    }
+
+    const deviceKey = await firstValueFrom(this.stateProvider.getUserState$(DEVICE_KEY, userId));
+
+    return deviceKey;
   }
 
-  private async setDeviceKey(deviceKey: DeviceKey | null): Promise<void> {
-    await this.stateService.setDeviceKey(deviceKey);
+  private async setDeviceKey(userId: UserId, deviceKey: DeviceKey | null): Promise<void> {
+    if (!userId) {
+      throw new Error("UserId is required. Cannot set device key.");
+    }
+
+    if (this.platformSupportsSecureStorage) {
+      await this.secureStorageService.save<DeviceKey>(
+        `${userId}${this.deviceKeySecureStorageKey}`,
+        deviceKey,
+        this.getSecureStorageOptions(userId),
+      );
+      return;
+    }
+
+    await this.stateProvider.setUserState(DEVICE_KEY, deviceKey?.toJSON(), userId);
   }
 
   private async makeDeviceKey(): Promise<DeviceKey> {
     // Create 512-bit device key
-    return (await this.keyGenerationService.createKey(512)) as DeviceKey;
+    const deviceKey = (await this.keyGenerationService.createKey(512)) as DeviceKey;
+
+    return deviceKey;
   }
 
   async decryptUserKeyWithDeviceKey(
+    userId: UserId,
     encryptedDevicePrivateKey: EncString,
     encryptedUserKey: EncString,
-    deviceKey?: DeviceKey,
+    deviceKey: DeviceKey,
   ): Promise<UserKey | null> {
-    // If device key provided use it, otherwise try to retrieve from storage
-    deviceKey ||= await this.getDeviceKey();
+    if (!userId) {
+      throw new Error("UserId is required. Cannot decrypt user key with device key.");
+    }
 
     if (!deviceKey) {
       // User doesn't have a device key anymore so device is untrusted
@@ -198,14 +291,17 @@ export class DeviceTrustCryptoService implements DeviceTrustCryptoServiceAbstrac
       return new SymmetricCryptoKey(userKey) as UserKey;
     } catch (e) {
       // If either decryption effort fails, we want to remove the device key
-      await this.setDeviceKey(null);
+      await this.setDeviceKey(userId, null);
 
       return null;
     }
   }
 
-  async supportsDeviceTrust(): Promise<boolean> {
-    const decryptionOptions = await this.stateService.getAccountDecryptionOptions();
-    return decryptionOptions?.trustedDeviceOption != null;
+  private getSecureStorageOptions(userId: UserId): StorageOptions {
+    return {
+      storageLocation: StorageLocation.Disk,
+      useSecureStorage: true,
+      userId: userId,
+    };
   }
 }
diff --git a/libs/common/src/auth/services/device-trust-crypto.service.spec.ts b/libs/common/src/auth/services/device-trust-crypto.service.spec.ts
index 8c0a62b125..af147b3481 100644
--- a/libs/common/src/auth/services/device-trust-crypto.service.spec.ts
+++ b/libs/common/src/auth/services/device-trust-crypto.service.spec.ts
@@ -1,6 +1,12 @@
 import { matches, mock } from "jest-mock-extended";
-import { of } from "rxjs";
+import { BehaviorSubject, of } from "rxjs";
 
+import { UserDecryptionOptionsServiceAbstraction } from "@bitwarden/auth/common";
+
+import { UserDecryptionOptions } from "../../../../auth/src/common/models/domain/user-decryption-options";
+import { FakeAccountService, mockAccountServiceWith } from "../../../spec/fake-account-service";
+import { FakeActiveUserState } from "../../../spec/fake-state";
+import { FakeStateProvider } from "../../../spec/fake-state-provider";
 import { DeviceType } from "../../enums";
 import { AppIdService } from "../../platform/abstractions/app-id.service";
 import { CryptoFunctionService } from "../../platform/abstractions/crypto-function.service";
@@ -9,18 +15,26 @@ import { EncryptService } from "../../platform/abstractions/encrypt.service";
 import { I18nService } from "../../platform/abstractions/i18n.service";
 import { KeyGenerationService } from "../../platform/abstractions/key-generation.service";
 import { PlatformUtilsService } from "../../platform/abstractions/platform-utils.service";
-import { StateService } from "../../platform/abstractions/state.service";
+import { AbstractStorageService } from "../../platform/abstractions/storage.service";
+import { StorageLocation } from "../../platform/enums";
 import { EncryptionType } from "../../platform/enums/encryption-type.enum";
+import { Utils } from "../../platform/misc/utils";
 import { EncString } from "../../platform/models/domain/enc-string";
+import { StorageOptions } from "../../platform/models/domain/storage-options";
 import { SymmetricCryptoKey } from "../../platform/models/domain/symmetric-crypto-key";
 import { CsprngArray } from "../../types/csprng";
+import { UserId } from "../../types/guid";
 import { DeviceKey, UserKey } from "../../types/key";
 import { DeviceResponse } from "../abstractions/devices/responses/device.response";
 import { DevicesApiServiceAbstraction } from "../abstractions/devices-api.service.abstraction";
 import { UpdateDevicesTrustRequest } from "../models/request/update-devices-trust.request";
 import { ProtectedDeviceResponse } from "../models/response/protected-device.response";
 
-import { DeviceTrustCryptoService } from "./device-trust-crypto.service.implementation";
+import {
+  SHOULD_TRUST_DEVICE,
+  DEVICE_KEY,
+  DeviceTrustCryptoService,
+} from "./device-trust-crypto.service.implementation";
 
 describe("deviceTrustCryptoService", () => {
   let deviceTrustCryptoService: DeviceTrustCryptoService;
@@ -29,26 +43,34 @@ describe("deviceTrustCryptoService", () => {
   const cryptoFunctionService = mock<CryptoFunctionService>();
   const cryptoService = mock<CryptoService>();
   const encryptService = mock<EncryptService>();
-  const stateService = mock<StateService>();
   const appIdService = mock<AppIdService>();
   const devicesApiService = mock<DevicesApiServiceAbstraction>();
   const i18nService = mock<I18nService>();
   const platformUtilsService = mock<PlatformUtilsService>();
+  const secureStorageService = mock<AbstractStorageService>();
+
+  const userDecryptionOptionsService = mock<UserDecryptionOptionsServiceAbstraction>();
+  const decryptionOptions = new BehaviorSubject<UserDecryptionOptions>(null);
+
+  let stateProvider: FakeStateProvider;
+
+  const mockUserId = Utils.newGuid() as UserId;
+  let accountService: FakeAccountService;
+
+  const deviceKeyPartialSecureStorageKey = "_deviceKey";
+  const deviceKeySecureStorageKey = `${mockUserId}${deviceKeyPartialSecureStorageKey}`;
+
+  const secureStorageOptions: StorageOptions = {
+    storageLocation: StorageLocation.Disk,
+    useSecureStorage: true,
+    userId: mockUserId,
+  };
 
   beforeEach(() => {
     jest.clearAllMocks();
-
-    deviceTrustCryptoService = new DeviceTrustCryptoService(
-      keyGenerationService,
-      cryptoFunctionService,
-      cryptoService,
-      encryptService,
-      stateService,
-      appIdService,
-      devicesApiService,
-      i18nService,
-      platformUtilsService,
-    );
+    const supportsSecureStorage = false; // default to false; tests will override as needed
+    // By default all the tests will have a mocked active user in state provider.
+    deviceTrustCryptoService = createDeviceTrustCryptoService(mockUserId, supportsSecureStorage);
   });
 
   it("instantiates", () => {
@@ -57,27 +79,26 @@ describe("deviceTrustCryptoService", () => {
 
   describe("User Trust Device Choice For Decryption", () => {
     describe("getShouldTrustDevice", () => {
-      it("gets the user trust device choice for decryption from the state service", async () => {
-        const stateSvcGetShouldTrustDeviceSpy = jest.spyOn(stateService, "getShouldTrustDevice");
+      it("gets the user trust device choice for decryption", async () => {
+        const newValue = true;
 
-        const expectedValue = true;
-        stateSvcGetShouldTrustDeviceSpy.mockResolvedValue(expectedValue);
-        const result = await deviceTrustCryptoService.getShouldTrustDevice();
+        await stateProvider.setUserState(SHOULD_TRUST_DEVICE, newValue, mockUserId);
 
-        expect(stateSvcGetShouldTrustDeviceSpy).toHaveBeenCalledTimes(1);
-        expect(result).toEqual(expectedValue);
+        const result = await deviceTrustCryptoService.getShouldTrustDevice(mockUserId);
+
+        expect(result).toEqual(newValue);
       });
     });
 
     describe("setShouldTrustDevice", () => {
-      it("sets the user trust device choice for decryption in the state service", async () => {
-        const stateSvcSetShouldTrustDeviceSpy = jest.spyOn(stateService, "setShouldTrustDevice");
+      it("sets the user trust device choice for decryption ", async () => {
+        await stateProvider.setUserState(SHOULD_TRUST_DEVICE, false, mockUserId);
 
         const newValue = true;
-        await deviceTrustCryptoService.setShouldTrustDevice(newValue);
+        await deviceTrustCryptoService.setShouldTrustDevice(mockUserId, newValue);
 
-        expect(stateSvcSetShouldTrustDeviceSpy).toHaveBeenCalledTimes(1);
-        expect(stateSvcSetShouldTrustDeviceSpy).toHaveBeenCalledWith(newValue);
+        const result = await deviceTrustCryptoService.getShouldTrustDevice(mockUserId);
+        expect(result).toEqual(newValue);
       });
     });
   });
@@ -88,11 +109,11 @@ describe("deviceTrustCryptoService", () => {
       jest.spyOn(deviceTrustCryptoService, "trustDevice").mockResolvedValue({} as DeviceResponse);
       jest.spyOn(deviceTrustCryptoService, "setShouldTrustDevice").mockResolvedValue();
 
-      await deviceTrustCryptoService.trustDeviceIfRequired();
+      await deviceTrustCryptoService.trustDeviceIfRequired(mockUserId);
 
       expect(deviceTrustCryptoService.getShouldTrustDevice).toHaveBeenCalledTimes(1);
       expect(deviceTrustCryptoService.trustDevice).toHaveBeenCalledTimes(1);
-      expect(deviceTrustCryptoService.setShouldTrustDevice).toHaveBeenCalledWith(false);
+      expect(deviceTrustCryptoService.setShouldTrustDevice).toHaveBeenCalledWith(mockUserId, false);
     });
 
     it("should not trust device nor reset when getShouldTrustDevice returns false", async () => {
@@ -102,7 +123,7 @@ describe("deviceTrustCryptoService", () => {
       const trustDeviceSpy = jest.spyOn(deviceTrustCryptoService, "trustDevice");
       const setShouldTrustDeviceSpy = jest.spyOn(deviceTrustCryptoService, "setShouldTrustDevice");
 
-      await deviceTrustCryptoService.trustDeviceIfRequired();
+      await deviceTrustCryptoService.trustDeviceIfRequired(mockUserId);
 
       expect(getShouldTrustDeviceSpy).toHaveBeenCalledTimes(1);
       expect(trustDeviceSpy).not.toHaveBeenCalled();
@@ -116,53 +137,140 @@ describe("deviceTrustCryptoService", () => {
 
     describe("getDeviceKey", () => {
       let existingDeviceKey: DeviceKey;
-      let stateSvcGetDeviceKeySpy: jest.SpyInstance;
+      let existingDeviceKeyB64: { keyB64: string };
 
       beforeEach(() => {
         existingDeviceKey = new SymmetricCryptoKey(
           new Uint8Array(deviceKeyBytesLength) as CsprngArray,
         ) as DeviceKey;
 
-        stateSvcGetDeviceKeySpy = jest.spyOn(stateService, "getDeviceKey");
+        existingDeviceKeyB64 = existingDeviceKey.toJSON();
       });
 
-      it("returns null when there is not an existing device key", async () => {
-        stateSvcGetDeviceKeySpy.mockResolvedValue(null);
+      describe("Secure Storage not supported", () => {
+        it("returns null when there is not an existing device key", async () => {
+          await stateProvider.setUserState(DEVICE_KEY, null, mockUserId);
 
-        const deviceKey = await deviceTrustCryptoService.getDeviceKey();
+          const deviceKey = await deviceTrustCryptoService.getDeviceKey(mockUserId);
 
-        expect(stateSvcGetDeviceKeySpy).toHaveBeenCalledTimes(1);
+          expect(deviceKey).toBeNull();
+          expect(secureStorageService.get).not.toHaveBeenCalled();
+        });
 
-        expect(deviceKey).toBeNull();
+        it("returns the device key when there is an existing device key", async () => {
+          await stateProvider.setUserState(DEVICE_KEY, existingDeviceKey, mockUserId);
+
+          const deviceKey = await deviceTrustCryptoService.getDeviceKey(mockUserId);
+
+          expect(deviceKey).not.toBeNull();
+          expect(deviceKey).toBeInstanceOf(SymmetricCryptoKey);
+          expect(deviceKey).toEqual(existingDeviceKey);
+          expect(secureStorageService.get).not.toHaveBeenCalled();
+        });
       });
 
-      it("returns the device key when there is an existing device key", async () => {
-        stateSvcGetDeviceKeySpy.mockResolvedValue(existingDeviceKey);
+      describe("Secure Storage supported", () => {
+        beforeEach(() => {
+          const supportsSecureStorage = true;
+          deviceTrustCryptoService = createDeviceTrustCryptoService(
+            mockUserId,
+            supportsSecureStorage,
+          );
+        });
 
-        const deviceKey = await deviceTrustCryptoService.getDeviceKey();
+        it("returns null when there is not an existing device key for the passed in user id", async () => {
+          secureStorageService.get.mockResolvedValue(null);
 
-        expect(stateSvcGetDeviceKeySpy).toHaveBeenCalledTimes(1);
+          // Act
+          const deviceKey = await deviceTrustCryptoService.getDeviceKey(mockUserId);
 
-        expect(deviceKey).not.toBeNull();
-        expect(deviceKey).toBeInstanceOf(SymmetricCryptoKey);
-        expect(deviceKey).toEqual(existingDeviceKey);
+          // Assert
+          expect(deviceKey).toBeNull();
+        });
+
+        it("returns the device key when there is an existing device key for the passed in user id", async () => {
+          // Arrange
+          secureStorageService.get.mockResolvedValue(existingDeviceKeyB64);
+
+          // Act
+          const deviceKey = await deviceTrustCryptoService.getDeviceKey(mockUserId);
+
+          // Assert
+          expect(deviceKey).not.toBeNull();
+          expect(deviceKey).toBeInstanceOf(SymmetricCryptoKey);
+          expect(deviceKey).toEqual(existingDeviceKey);
+        });
+      });
+
+      it("throws an error when no user id is passed in", async () => {
+        await expect(deviceTrustCryptoService.getDeviceKey(null)).rejects.toThrow(
+          "UserId is required. Cannot get device key.",
+        );
       });
     });
 
     describe("setDeviceKey", () => {
-      it("sets the device key in the state service", async () => {
-        const stateSvcSetDeviceKeySpy = jest.spyOn(stateService, "setDeviceKey");
+      describe("Secure Storage not supported", () => {
+        it("successfully sets the device key in state provider", async () => {
+          await stateProvider.setUserState(DEVICE_KEY, null, mockUserId);
 
-        const deviceKey = new SymmetricCryptoKey(
+          const newDeviceKey = new SymmetricCryptoKey(
+            new Uint8Array(deviceKeyBytesLength) as CsprngArray,
+          ) as DeviceKey;
+
+          // TypeScript will allow calling private methods if the object is of type 'any'
+          // This is a hacky workaround, but it allows for cleaner tests
+          await (deviceTrustCryptoService as any).setDeviceKey(mockUserId, newDeviceKey);
+
+          expect(stateProvider.mock.setUserState).toHaveBeenLastCalledWith(
+            DEVICE_KEY,
+            newDeviceKey.toJSON(),
+            mockUserId,
+          );
+        });
+      });
+      describe("Secure Storage supported", () => {
+        beforeEach(() => {
+          const supportsSecureStorage = true;
+          deviceTrustCryptoService = createDeviceTrustCryptoService(
+            mockUserId,
+            supportsSecureStorage,
+          );
+        });
+
+        it("successfully sets the device key in secure storage", async () => {
+          // Arrange
+          await stateProvider.setUserState(DEVICE_KEY, null, mockUserId);
+
+          secureStorageService.get.mockResolvedValue(null);
+
+          const newDeviceKey = new SymmetricCryptoKey(
+            new Uint8Array(deviceKeyBytesLength) as CsprngArray,
+          ) as DeviceKey;
+
+          // Act
+          // TypeScript will allow calling private methods if the object is of type 'any'
+          // This is a hacky workaround, but it allows for cleaner tests
+          await (deviceTrustCryptoService as any).setDeviceKey(mockUserId, newDeviceKey);
+
+          // Assert
+          expect(stateProvider.mock.setUserState).not.toHaveBeenCalledTimes(2);
+          expect(secureStorageService.save).toHaveBeenCalledWith(
+            deviceKeySecureStorageKey,
+            newDeviceKey,
+            secureStorageOptions,
+          );
+        });
+      });
+
+      it("throws an error when a null user id is passed in", async () => {
+        const newDeviceKey = new SymmetricCryptoKey(
           new Uint8Array(deviceKeyBytesLength) as CsprngArray,
         ) as DeviceKey;
 
-        // TypeScript will allow calling private methods if the object is of type 'any'
-        // This is a hacky workaround, but it allows for cleaner tests
-        await (deviceTrustCryptoService as any).setDeviceKey(deviceKey);
-
-        expect(stateSvcSetDeviceKeySpy).toHaveBeenCalledTimes(1);
-        expect(stateSvcSetDeviceKeySpy).toHaveBeenCalledWith(deviceKey);
+        await expect(
+          (deviceTrustCryptoService as any).setDeviceKey(null, newDeviceKey),
+        ).rejects.toThrow("UserId is required. Cannot set device key.");
       });
     });
 
@@ -290,7 +398,7 @@ describe("deviceTrustCryptoService", () => {
       });
 
       it("calls the required methods with the correct arguments and returns a DeviceResponse", async () => {
-        const response = await deviceTrustCryptoService.trustDevice();
+        const response = await deviceTrustCryptoService.trustDevice(mockUserId);
 
         expect(makeDeviceKeySpy).toHaveBeenCalledTimes(1);
         expect(rsaGenerateKeyPairSpy).toHaveBeenCalledTimes(1);
@@ -321,7 +429,7 @@ describe("deviceTrustCryptoService", () => {
         // setup the spy to return null
         cryptoSvcGetUserKeySpy.mockResolvedValue(null);
         // check if the expected error is thrown
-        await expect(deviceTrustCryptoService.trustDevice()).rejects.toThrow(
+        await expect(deviceTrustCryptoService.trustDevice(mockUserId)).rejects.toThrow(
           "User symmetric key not found",
         );
 
@@ -331,7 +439,7 @@ describe("deviceTrustCryptoService", () => {
         // setup the spy to return undefined
         cryptoSvcGetUserKeySpy.mockResolvedValue(undefined);
         // check if the expected error is thrown
-        await expect(deviceTrustCryptoService.trustDevice()).rejects.toThrow(
+        await expect(deviceTrustCryptoService.trustDevice(mockUserId)).rejects.toThrow(
           "User symmetric key not found",
         );
       });
@@ -371,7 +479,9 @@ describe("deviceTrustCryptoService", () => {
           it(`throws an error if ${method} fails`, async () => {
             const methodSpy = spy();
             methodSpy.mockRejectedValue(new Error(errorText));
-            await expect(deviceTrustCryptoService.trustDevice()).rejects.toThrow(errorText);
+            await expect(deviceTrustCryptoService.trustDevice(mockUserId)).rejects.toThrow(
+              errorText,
+            );
           });
 
           test.each([null, undefined])(
@@ -379,11 +489,17 @@ describe("deviceTrustCryptoService", () => {
             async (invalidValue) => {
               const methodSpy = spy();
               methodSpy.mockResolvedValue(invalidValue);
-              await expect(deviceTrustCryptoService.trustDevice()).rejects.toThrow();
+              await expect(deviceTrustCryptoService.trustDevice(mockUserId)).rejects.toThrow();
             },
           );
         },
       );
+
+      it("throws an error when a null user id is passed in", async () => {
+        await expect(deviceTrustCryptoService.trustDevice(null)).rejects.toThrow(
+          "UserId is required. Cannot trust device.",
+        );
+      });
     });
 
     describe("decryptUserKeyWithDeviceKey", () => {
@@ -412,19 +528,26 @@ describe("deviceTrustCryptoService", () => {
         jest.clearAllMocks();
       });
 
-      it("returns null when device key isn't provided and isn't in state", async () => {
-        const getDeviceKeySpy = jest
-          .spyOn(deviceTrustCryptoService, "getDeviceKey")
-          .mockResolvedValue(null);
+      it("throws an error when a null user id is passed in", async () => {
+        await expect(
+          deviceTrustCryptoService.decryptUserKeyWithDeviceKey(
+            null,
+            mockEncryptedDevicePrivateKey,
+            mockEncryptedUserKey,
+            mockDeviceKey,
+          ),
+        ).rejects.toThrow("UserId is required. Cannot decrypt user key with device key.");
+      });
 
+      it("returns null when device key isn't provided", async () => {
         const result = await deviceTrustCryptoService.decryptUserKeyWithDeviceKey(
+          mockUserId,
           mockEncryptedDevicePrivateKey,
           mockEncryptedUserKey,
+          mockDeviceKey,
         );
 
         expect(result).toBeNull();
-
-        expect(getDeviceKeySpy).toHaveBeenCalledTimes(1);
       });
 
       it("successfully returns the user key when provided keys (including device key) can decrypt it", async () => {
@@ -436,6 +559,7 @@ describe("deviceTrustCryptoService", () => {
           .mockResolvedValue(new Uint8Array(userKeyBytesLength));
 
         const result = await deviceTrustCryptoService.decryptUserKeyWithDeviceKey(
+          mockUserId,
           mockEncryptedDevicePrivateKey,
           mockEncryptedUserKey,
           mockDeviceKey,
@@ -446,31 +570,6 @@ describe("deviceTrustCryptoService", () => {
         expect(rsaDecryptSpy).toHaveBeenCalledTimes(1);
       });
 
-      it("successfully returns the user key when a device key is not provided (retrieves device key from state)", async () => {
-        const getDeviceKeySpy = jest
-          .spyOn(deviceTrustCryptoService, "getDeviceKey")
-          .mockResolvedValue(mockDeviceKey);
-
-        const decryptToBytesSpy = jest
-          .spyOn(encryptService, "decryptToBytes")
-          .mockResolvedValue(new Uint8Array(userKeyBytesLength));
-        const rsaDecryptSpy = jest
-          .spyOn(cryptoService, "rsaDecrypt")
-          .mockResolvedValue(new Uint8Array(userKeyBytesLength));
-
-        // Call without providing a device key
-        const result = await deviceTrustCryptoService.decryptUserKeyWithDeviceKey(
-          mockEncryptedDevicePrivateKey,
-          mockEncryptedUserKey,
-        );
-
-        expect(getDeviceKeySpy).toHaveBeenCalledTimes(1);
-
-        expect(result).toEqual(mockUserKey);
-        expect(decryptToBytesSpy).toHaveBeenCalledTimes(1);
-        expect(rsaDecryptSpy).toHaveBeenCalledTimes(1);
-      });
-
       it("returns null and removes device key when the decryption fails", async () => {
         const decryptToBytesSpy = jest
           .spyOn(encryptService, "decryptToBytes")
@@ -478,6 +577,7 @@ describe("deviceTrustCryptoService", () => {
         const setDeviceKeySpy = jest.spyOn(deviceTrustCryptoService as any, "setDeviceKey");
 
         const result = await deviceTrustCryptoService.decryptUserKeyWithDeviceKey(
+          mockUserId,
           mockEncryptedDevicePrivateKey,
           mockEncryptedUserKey,
           mockDeviceKey,
@@ -486,7 +586,7 @@ describe("deviceTrustCryptoService", () => {
         expect(result).toBeNull();
         expect(decryptToBytesSpy).toHaveBeenCalledTimes(1);
         expect(setDeviceKeySpy).toHaveBeenCalledTimes(1);
-        expect(setDeviceKeySpy).toHaveBeenCalledWith(null);
+        expect(setDeviceKeySpy).toHaveBeenCalledWith(mockUserId, null);
       });
     });
 
@@ -504,19 +604,28 @@ describe("deviceTrustCryptoService", () => {
         cryptoService.activeUserKey$ = of(fakeNewUserKey);
       });
 
-      it("does an early exit when the current device is not a trusted device", async () => {
-        stateService.getDeviceKey.mockResolvedValue(null);
+      it("throws an error when a null user id is passed in", async () => {
+        await expect(
+          deviceTrustCryptoService.rotateDevicesTrust(null, fakeNewUserKey, ""),
+        ).rejects.toThrow("UserId is required. Cannot rotate device's trust.");
+      });
 
-        await deviceTrustCryptoService.rotateDevicesTrust(fakeNewUserKey, "");
+      it("does an early exit when the current device is not a trusted device", async () => {
+        const deviceKeyState: FakeActiveUserState<DeviceKey> =
+          stateProvider.activeUser.getFake(DEVICE_KEY);
+        deviceKeyState.nextState(null);
+
+        await deviceTrustCryptoService.rotateDevicesTrust(mockUserId, fakeNewUserKey, "");
 
         expect(devicesApiService.updateTrust).not.toHaveBeenCalled();
       });
 
       describe("is on a trusted device", () => {
-        beforeEach(() => {
-          stateService.getDeviceKey.mockResolvedValue(
-            new SymmetricCryptoKey(new Uint8Array(deviceKeyBytesLength)) as DeviceKey,
-          );
+        beforeEach(async () => {
+          const mockDeviceKey = new SymmetricCryptoKey(
+            new Uint8Array(deviceKeyBytesLength),
+          ) as DeviceKey;
+          await stateProvider.setUserState(DEVICE_KEY, mockDeviceKey, mockUserId);
         });
 
         it("rotates current device keys and calls api service when the current device is trusted", async () => {
@@ -582,7 +691,11 @@ describe("deviceTrustCryptoService", () => {
             );
           });
 
-          await deviceTrustCryptoService.rotateDevicesTrust(fakeNewUserKey, "my_password_hash");
+          await deviceTrustCryptoService.rotateDevicesTrust(
+            mockUserId,
+            fakeNewUserKey,
+            "my_password_hash",
+          );
 
           expect(devicesApiService.updateTrust).toHaveBeenCalledWith(
             matches((updateTrustModel: UpdateDevicesTrustRequest) => {
@@ -598,4 +711,32 @@ describe("deviceTrustCryptoService", () => {
       });
     });
   });
+
+  // Helpers
+  function createDeviceTrustCryptoService(
+    mockUserId: UserId | null,
+    supportsSecureStorage: boolean,
+  ) {
+    accountService = mockAccountServiceWith(mockUserId);
+    stateProvider = new FakeStateProvider(accountService);
+
+    platformUtilsService.supportsSecureStorage.mockReturnValue(supportsSecureStorage);
+
+    decryptionOptions.next({} as any);
+    userDecryptionOptionsService.userDecryptionOptions$ = decryptionOptions;
+
+    return new DeviceTrustCryptoService(
+      keyGenerationService,
+      cryptoFunctionService,
+      cryptoService,
+      encryptService,
+      appIdService,
+      devicesApiService,
+      i18nService,
+      platformUtilsService,
+      stateProvider,
+      secureStorageService,
+      userDecryptionOptionsService,
+    );
+  }
 });
diff --git a/libs/common/src/auth/services/key-connector.service.spec.ts b/libs/common/src/auth/services/key-connector.service.spec.ts
new file mode 100644
index 0000000000..50fed856f9
--- /dev/null
+++ b/libs/common/src/auth/services/key-connector.service.spec.ts
@@ -0,0 +1,376 @@
+import { mock } from "jest-mock-extended";
+
+import { FakeAccountService, FakeStateProvider, mockAccountServiceWith } from "../../../spec";
+import { ApiService } from "../../abstractions/api.service";
+import { OrganizationService } from "../../admin-console/abstractions/organization/organization.service.abstraction";
+import { OrganizationData } from "../../admin-console/models/data/organization.data";
+import { Organization } from "../../admin-console/models/domain/organization";
+import { ProfileOrganizationResponse } from "../../admin-console/models/response/profile-organization.response";
+import { CryptoService } from "../../platform/abstractions/crypto.service";
+import { LogService } from "../../platform/abstractions/log.service";
+import { Utils } from "../../platform/misc/utils";
+import { SymmetricCryptoKey } from "../../platform/models/domain/symmetric-crypto-key";
+import { KeyGenerationService } from "../../platform/services/key-generation.service";
+import { OrganizationId, UserId } from "../../types/guid";
+import { MasterKey } from "../../types/key";
+import { KeyConnectorUserKeyRequest } from "../models/request/key-connector-user-key.request";
+import { KeyConnectorUserKeyResponse } from "../models/response/key-connector-user-key.response";
+
+import {
+  USES_KEY_CONNECTOR,
+  CONVERT_ACCOUNT_TO_KEY_CONNECTOR,
+  KeyConnectorService,
+} from "./key-connector.service";
+import { TokenService } from "./token.service";
+
+describe("KeyConnectorService", () => {
+  let keyConnectorService: KeyConnectorService;
+
+  const cryptoService = mock<CryptoService>();
+  const apiService = mock<ApiService>();
+  const tokenService = mock<TokenService>();
+  const logService = mock<LogService>();
+  const organizationService = mock<OrganizationService>();
+  const keyGenerationService = mock<KeyGenerationService>();
+
+  let stateProvider: FakeStateProvider;
+
+  let accountService: FakeAccountService;
+
+  const mockUserId = Utils.newGuid() as UserId;
+  const mockOrgId = Utils.newGuid() as OrganizationId;
+
+  const mockMasterKeyResponse: KeyConnectorUserKeyResponse = new KeyConnectorUserKeyResponse({
+    key: "eO9nVlVl3I3sU6O+CyK0kEkpGtl/auT84Hig2WTXmZtDTqYtKpDvUPfjhgMOHf+KQzx++TVS2AOLYq856Caa7w==",
+  });
+
+  beforeEach(() => {
+    jest.clearAllMocks();
+
+    accountService = mockAccountServiceWith(mockUserId);
+    stateProvider = new FakeStateProvider(accountService);
+
+    keyConnectorService = new KeyConnectorService(
+      cryptoService,
+      apiService,
+      tokenService,
+      logService,
+      organizationService,
+      keyGenerationService,
+      async () => {},
+      stateProvider,
+    );
+  });
+
+  it("instantiates", () => {
+    expect(keyConnectorService).not.toBeFalsy();
+  });
+
+  describe("setUsesKeyConnector()", () => {
+    it("should update the usesKeyConnectorState with the provided value", async () => {
+      const state = stateProvider.activeUser.getFake(USES_KEY_CONNECTOR);
+      state.nextState(false);
+
+      const newValue = true;
+
+      await keyConnectorService.setUsesKeyConnector(newValue);
+
+      expect(await keyConnectorService.getUsesKeyConnector()).toBe(newValue);
+    });
+  });
+
+  describe("getManagingOrganization()", () => {
+    it("should return the managing organization with key connector enabled", async () => {
+      // Arrange
+      const orgs = [
+        organizationData(true, true, "https://key-connector-url.com", 2, false),
+        organizationData(false, true, "https://key-connector-url.com", 2, false),
+        organizationData(true, false, "https://key-connector-url.com", 2, false),
+        organizationData(true, true, "https://other-url.com", 2, false),
+      ];
+      organizationService.getAll.mockResolvedValue(orgs);
+
+      // Act
+      const result = await keyConnectorService.getManagingOrganization();
+
+      // Assert
+      expect(result).toEqual(orgs[0]);
+    });
+
+    it("should return undefined if no managing organization with key connector enabled is found", async () => {
+      // Arrange
+      const orgs = [
+        organizationData(true, false, "https://key-connector-url.com", 2, false),
+        organizationData(false, false, "https://key-connector-url.com", 2, false),
+      ];
+      organizationService.getAll.mockResolvedValue(orgs);
+
+      // Act
+      const result = await keyConnectorService.getManagingOrganization();
+
+      // Assert
+      expect(result).toBeUndefined();
+    });
+
+    it("should return undefined if user is Owner or Admin", async () => {
+      // Arrange
+      const orgs = [
+        organizationData(true, true, "https://key-connector-url.com", 0, false),
+        organizationData(true, true, "https://key-connector-url.com", 1, false),
+      ];
+      organizationService.getAll.mockResolvedValue(orgs);
+
+      // Act
+      const result = await keyConnectorService.getManagingOrganization();
+
+      // Assert
+      expect(result).toBeUndefined();
+    });
+
+    it("should return undefined if user is a Provider", async () => {
+      // Arrange
+      const orgs = [
+        organizationData(true, true, "https://key-connector-url.com", 2, true),
+        organizationData(false, true, "https://key-connector-url.com", 2, true),
+      ];
+      organizationService.getAll.mockResolvedValue(orgs);
+
+      // Act
+      const result = await keyConnectorService.getManagingOrganization();
+
+      // Assert
+      expect(result).toBeUndefined();
+    });
+  });
+
+  describe("setConvertAccountRequired()", () => {
+    it("should update the convertAccountToKeyConnectorState with the provided value", async () => {
+      const state = stateProvider.activeUser.getFake(CONVERT_ACCOUNT_TO_KEY_CONNECTOR);
+      state.nextState(false);
+
+      const newValue = true;
+
+      await keyConnectorService.setConvertAccountRequired(newValue);
+
+      expect(await keyConnectorService.getConvertAccountRequired()).toBe(newValue);
+    });
+
+    it("should remove the convertAccountToKeyConnectorState", async () => {
+      const state = stateProvider.activeUser.getFake(CONVERT_ACCOUNT_TO_KEY_CONNECTOR);
+      state.nextState(false);
+
+      const newValue: boolean = null;
+
+      await keyConnectorService.setConvertAccountRequired(newValue);
+
+      expect(await keyConnectorService.getConvertAccountRequired()).toBe(newValue);
+    });
+  });
+
+  describe("userNeedsMigration()", () => {
+    it("should return true if the user needs migration", async () => {
+      // token
+      tokenService.getIsExternal.mockResolvedValue(true);
+
+      // create organization object
+      const data = organizationData(true, true, "https://key-connector-url.com", 2, false);
+      organizationService.getAll.mockResolvedValue([data]);
+
+      // uses KeyConnector
+      const state = stateProvider.activeUser.getFake(USES_KEY_CONNECTOR);
+      state.nextState(false);
+
+      const result = await keyConnectorService.userNeedsMigration();
+
+      expect(result).toBe(true);
+    });
+
+    it("should return false if the user does not need migration", async () => {
+      tokenService.getIsExternal.mockResolvedValue(false);
+      const data = organizationData(false, false, "https://key-connector-url.com", 2, false);
+      organizationService.getAll.mockResolvedValue([data]);
+
+      const state = stateProvider.activeUser.getFake(USES_KEY_CONNECTOR);
+      state.nextState(true);
+      const result = await keyConnectorService.userNeedsMigration();
+
+      expect(result).toBe(false);
+    });
+  });
+
+  describe("setMasterKeyFromUrl", () => {
+    it("should set the master key from the provided URL", async () => {
+      // Arrange
+      const url = "https://key-connector-url.com";
+
+      apiService.getMasterKeyFromKeyConnector.mockResolvedValue(mockMasterKeyResponse);
+
+      // Hard to mock these, but we can generate the same keys
+      const keyArr = Utils.fromB64ToArray(mockMasterKeyResponse.key);
+      const masterKey = new SymmetricCryptoKey(keyArr) as MasterKey;
+
+      // Act
+      await keyConnectorService.setMasterKeyFromUrl(url);
+
+      // Assert
+      expect(apiService.getMasterKeyFromKeyConnector).toHaveBeenCalledWith(url);
+      expect(cryptoService.setMasterKey).toHaveBeenCalledWith(masterKey);
+    });
+
+    it("should handle errors thrown during the process", async () => {
+      // Arrange
+      const url = "https://key-connector-url.com";
+
+      const error = new Error("Failed to get master key");
+      apiService.getMasterKeyFromKeyConnector.mockRejectedValue(error);
+      jest.spyOn(logService, "error");
+
+      try {
+        // Act
+        await keyConnectorService.setMasterKeyFromUrl(url);
+      } catch {
+        // Assert
+        expect(logService.error).toHaveBeenCalledWith(error);
+        expect(apiService.getMasterKeyFromKeyConnector).toHaveBeenCalledWith(url);
+      }
+    });
+  });
+
+  describe("migrateUser()", () => {
+    it("should migrate the user to the key connector", async () => {
+      // Arrange
+      const organization = organizationData(true, true, "https://key-connector-url.com", 2, false);
+      const masterKey = getMockMasterKey();
+      const keyConnectorRequest = new KeyConnectorUserKeyRequest(masterKey.encKeyB64);
+
+      jest.spyOn(keyConnectorService, "getManagingOrganization").mockResolvedValue(organization);
+      jest.spyOn(cryptoService, "getMasterKey").mockResolvedValue(masterKey);
+      jest.spyOn(apiService, "postUserKeyToKeyConnector").mockResolvedValue();
+
+      // Act
+      await keyConnectorService.migrateUser();
+
+      // Assert
+      expect(keyConnectorService.getManagingOrganization).toHaveBeenCalled();
+      expect(cryptoService.getMasterKey).toHaveBeenCalled();
+      expect(apiService.postUserKeyToKeyConnector).toHaveBeenCalledWith(
+        organization.keyConnectorUrl,
+        keyConnectorRequest,
+      );
+      expect(apiService.postConvertToKeyConnector).toHaveBeenCalled();
+    });
+
+    it("should handle errors thrown during migration", async () => {
+      // Arrange
+      const organization = organizationData(true, true, "https://key-connector-url.com", 2, false);
+      const masterKey = getMockMasterKey();
+      const keyConnectorRequest = new KeyConnectorUserKeyRequest(masterKey.encKeyB64);
+      const error = new Error("Failed to post user key to key connector");
+      organizationService.getAll.mockResolvedValue([organization]);
+
+      jest.spyOn(keyConnectorService, "getManagingOrganization").mockResolvedValue(organization);
+      jest.spyOn(cryptoService, "getMasterKey").mockResolvedValue(masterKey);
+      jest.spyOn(apiService, "postUserKeyToKeyConnector").mockRejectedValue(error);
+      jest.spyOn(logService, "error");
+
+      try {
+        // Act
+        await keyConnectorService.migrateUser();
+      } catch {
+        // Assert
+        expect(logService.error).toHaveBeenCalledWith(error);
+        expect(keyConnectorService.getManagingOrganization).toHaveBeenCalled();
+        expect(cryptoService.getMasterKey).toHaveBeenCalled();
+        expect(apiService.postUserKeyToKeyConnector).toHaveBeenCalledWith(
+          organization.keyConnectorUrl,
+          keyConnectorRequest,
+        );
+      }
+    });
+  });
+
+  function organizationData(
+    usesKeyConnector: boolean,
+    keyConnectorEnabled: boolean,
+    keyConnectorUrl: string,
+    userType: number,
+    isProviderUser: boolean,
+  ): Organization {
+    return new Organization(
+      new OrganizationData(
+        new ProfileOrganizationResponse({
+          id: mockOrgId,
+          name: "TEST_KEY_CONNECTOR_ORG",
+          usePolicies: true,
+          useSso: true,
+          useKeyConnector: usesKeyConnector,
+          useScim: true,
+          useGroups: true,
+          useDirectory: true,
+          useEvents: true,
+          useTotp: true,
+          use2fa: true,
+          useApi: true,
+          useResetPassword: true,
+          useSecretsManager: true,
+          usePasswordManager: true,
+          usersGetPremium: true,
+          useCustomPermissions: true,
+          useActivateAutofillPolicy: true,
+          selfHost: true,
+          seats: 5,
+          maxCollections: null,
+          maxStorageGb: 1,
+          key: "super-secret-key",
+          status: 2,
+          type: userType,
+          enabled: true,
+          ssoBound: true,
+          identifier: "TEST_KEY_CONNECTOR_ORG",
+          permissions: {
+            accessEventLogs: false,
+            accessImportExport: false,
+            accessReports: false,
+            createNewCollections: false,
+            editAnyCollection: false,
+            deleteAnyCollection: false,
+            editAssignedCollections: false,
+            deleteAssignedCollections: false,
+            manageGroups: false,
+            managePolicies: false,
+            manageSso: false,
+            manageUsers: false,
+            manageResetPassword: false,
+            manageScim: false,
+          },
+          resetPasswordEnrolled: true,
+          userId: mockUserId,
+          hasPublicAndPrivateKeys: true,
+          providerId: null,
+          providerName: null,
+          providerType: null,
+          familySponsorshipFriendlyName: null,
+          familySponsorshipAvailable: true,
+          planProductType: 3,
+          KeyConnectorEnabled: keyConnectorEnabled,
+          KeyConnectorUrl: keyConnectorUrl,
+          familySponsorshipLastSyncDate: null,
+          familySponsorshipValidUntil: null,
+          familySponsorshipToDelete: null,
+          accessSecretsManager: false,
+          limitCollectionCreationDeletion: true,
+          allowAdminAccessToAllCollectionItems: true,
+          flexibleCollections: false,
+          object: "profileOrganization",
+        }),
+        { isMember: true, isProviderUser: isProviderUser },
+      ),
+    );
+  }
+
+  function getMockMasterKey(): MasterKey {
+    const keyArr = Utils.fromB64ToArray(mockMasterKeyResponse.key);
+    const masterKey = new SymmetricCryptoKey(keyArr) as MasterKey;
+    return masterKey;
+  }
+});
diff --git a/libs/common/src/auth/services/key-connector.service.ts b/libs/common/src/auth/services/key-connector.service.ts
index cded13a74b..d1502ce06c 100644
--- a/libs/common/src/auth/services/key-connector.service.ts
+++ b/libs/common/src/auth/services/key-connector.service.ts
@@ -1,3 +1,5 @@
+import { firstValueFrom } from "rxjs";
+
 import { ApiService } from "../../abstractions/api.service";
 import { OrganizationService } from "../../admin-console/abstractions/organization/organization.service.abstraction";
 import { OrganizationUserType } from "../../admin-console/enums";
@@ -5,9 +7,14 @@ import { KeysRequest } from "../../models/request/keys.request";
 import { CryptoService } from "../../platform/abstractions/crypto.service";
 import { KeyGenerationService } from "../../platform/abstractions/key-generation.service";
 import { LogService } from "../../platform/abstractions/log.service";
-import { StateService } from "../../platform/abstractions/state.service";
 import { Utils } from "../../platform/misc/utils";
 import { SymmetricCryptoKey } from "../../platform/models/domain/symmetric-crypto-key";
+import {
+  ActiveUserState,
+  KEY_CONNECTOR_DISK,
+  StateProvider,
+  UserKeyDefinition,
+} from "../../platform/state";
 import { MasterKey } from "../../types/key";
 import { KeyConnectorService as KeyConnectorServiceAbstraction } from "../abstractions/key-connector.service";
 import { TokenService } from "../abstractions/token.service";
@@ -16,9 +23,28 @@ import { KeyConnectorUserKeyRequest } from "../models/request/key-connector-user
 import { SetKeyConnectorKeyRequest } from "../models/request/set-key-connector-key.request";
 import { IdentityTokenResponse } from "../models/response/identity-token.response";
 
+export const USES_KEY_CONNECTOR = new UserKeyDefinition<boolean>(
+  KEY_CONNECTOR_DISK,
+  "usesKeyConnector",
+  {
+    deserializer: (usesKeyConnector) => usesKeyConnector,
+    clearOn: ["logout"],
+  },
+);
+
+export const CONVERT_ACCOUNT_TO_KEY_CONNECTOR = new UserKeyDefinition<boolean>(
+  KEY_CONNECTOR_DISK,
+  "convertAccountToKeyConnector",
+  {
+    deserializer: (convertAccountToKeyConnector) => convertAccountToKeyConnector,
+    clearOn: ["logout"],
+  },
+);
+
 export class KeyConnectorService implements KeyConnectorServiceAbstraction {
+  private usesKeyConnectorState: ActiveUserState<boolean>;
+  private convertAccountToKeyConnectorState: ActiveUserState<boolean>;
   constructor(
-    private stateService: StateService,
     private cryptoService: CryptoService,
     private apiService: ApiService,
     private tokenService: TokenService,
@@ -26,14 +52,20 @@ export class KeyConnectorService implements KeyConnectorServiceAbstraction {
     private organizationService: OrganizationService,
     private keyGenerationService: KeyGenerationService,
     private logoutCallback: (expired: boolean, userId?: string) => Promise<void>,
-  ) {}
-
-  setUsesKeyConnector(usesKeyConnector: boolean) {
-    return this.stateService.setUsesKeyConnector(usesKeyConnector);
+    private stateProvider: StateProvider,
+  ) {
+    this.usesKeyConnectorState = this.stateProvider.getActive(USES_KEY_CONNECTOR);
+    this.convertAccountToKeyConnectorState = this.stateProvider.getActive(
+      CONVERT_ACCOUNT_TO_KEY_CONNECTOR,
+    );
   }
 
-  async getUsesKeyConnector(): Promise<boolean> {
-    return await this.stateService.getUsesKeyConnector();
+  async setUsesKeyConnector(usesKeyConnector: boolean) {
+    await this.usesKeyConnectorState.update(() => usesKeyConnector);
+  }
+
+  getUsesKeyConnector(): Promise<boolean> {
+    return firstValueFrom(this.usesKeyConnectorState.state$);
   }
 
   async userNeedsMigration() {
@@ -132,19 +164,15 @@ export class KeyConnectorService implements KeyConnectorServiceAbstraction {
   }
 
   async setConvertAccountRequired(status: boolean) {
-    await this.stateService.setConvertAccountToKeyConnector(status);
+    await this.convertAccountToKeyConnectorState.update(() => status);
   }
 
-  async getConvertAccountRequired(): Promise<boolean> {
-    return await this.stateService.getConvertAccountToKeyConnector();
+  getConvertAccountRequired(): Promise<boolean> {
+    return firstValueFrom(this.convertAccountToKeyConnectorState.state$);
   }
 
   async removeConvertAccountRequired() {
-    await this.stateService.setConvertAccountToKeyConnector(null);
-  }
-
-  async clear() {
-    await this.removeConvertAccountRequired();
+    await this.setConvertAccountRequired(null);
   }
 
   private handleKeyConnectorError(e: any) {
diff --git a/libs/common/src/auth/services/login.service.ts b/libs/common/src/auth/services/login.service.ts
deleted file mode 100644
index f1d038b2f8..0000000000
--- a/libs/common/src/auth/services/login.service.ts
+++ /dev/null
@@ -1,35 +0,0 @@
-import { StateService } from "../../platform/abstractions/state.service";
-import { LoginService as LoginServiceAbstraction } from "../abstractions/login.service";
-
-export class LoginService implements LoginServiceAbstraction {
-  private _email: string;
-  private _rememberEmail: boolean;
-
-  constructor(private stateService: StateService) {}
-
-  getEmail() {
-    return this._email;
-  }
-
-  getRememberEmail() {
-    return this._rememberEmail;
-  }
-
-  setEmail(value: string) {
-    this._email = value;
-  }
-
-  setRememberEmail(value: boolean) {
-    this._rememberEmail = value;
-  }
-
-  clearValues() {
-    this._email = null;
-    this._rememberEmail = null;
-  }
-
-  async saveEmailSettings() {
-    await this.stateService.setRememberedEmail(this._rememberEmail ? this._email : null);
-    this.clearValues();
-  }
-}
diff --git a/libs/common/src/auth/services/token.service.spec.ts b/libs/common/src/auth/services/token.service.spec.ts
index a7b953f928..c409263209 100644
--- a/libs/common/src/auth/services/token.service.spec.ts
+++ b/libs/common/src/auth/services/token.service.spec.ts
@@ -1,7 +1,11 @@
-import { mock } from "jest-mock-extended";
+import { MockProxy, mock } from "jest-mock-extended";
+import { firstValueFrom } from "rxjs";
 
 import { FakeSingleUserStateProvider, FakeGlobalStateProvider } from "../../../spec";
 import { VaultTimeoutAction } from "../../enums/vault-timeout-action.enum";
+import { EncryptService } from "../../platform/abstractions/encrypt.service";
+import { KeyGenerationService } from "../../platform/abstractions/key-generation.service";
+import { LogService } from "../../platform/abstractions/log.service";
 import { AbstractStorageService } from "../../platform/abstractions/storage.service";
 import { StorageLocation } from "../../platform/enums";
 import { StorageOptions } from "../../platform/models/domain/storage-options";
@@ -12,7 +16,6 @@ import { DecodedAccessToken, TokenService } from "./token.service";
 import {
   ACCESS_TOKEN_DISK,
   ACCESS_TOKEN_MEMORY,
-  ACCESS_TOKEN_MIGRATED_TO_SECURE_STORAGE,
   API_KEY_CLIENT_ID_DISK,
   API_KEY_CLIENT_ID_MEMORY,
   API_KEY_CLIENT_SECRET_DISK,
@@ -28,7 +31,10 @@ describe("TokenService", () => {
   let singleUserStateProvider: FakeSingleUserStateProvider;
   let globalStateProvider: FakeGlobalStateProvider;
 
-  const secureStorageService = mock<AbstractStorageService>();
+  let secureStorageService: MockProxy<AbstractStorageService>;
+  let keyGenerationService: MockProxy<KeyGenerationService>;
+  let encryptService: MockProxy<EncryptService>;
+  let logService: MockProxy<LogService>;
 
   const memoryVaultTimeoutAction = VaultTimeoutAction.LogOut;
   const memoryVaultTimeout = 30;
@@ -74,12 +80,19 @@ describe("TokenService", () => {
     userId: userIdFromAccessToken,
   };
 
+  const accessTokenKeyB64 = { keyB64: "AAECAwQFBgcICQoLDA0ODxAREhMUFRYXGBkaGxwdHh8" };
+
   beforeEach(() => {
     jest.clearAllMocks();
 
     singleUserStateProvider = new FakeSingleUserStateProvider();
     globalStateProvider = new FakeGlobalStateProvider();
 
+    secureStorageService = mock<AbstractStorageService>();
+    keyGenerationService = mock<KeyGenerationService>();
+    encryptService = mock<EncryptService>();
+    logService = mock<LogService>();
+
     const supportsSecureStorage = false; // default to false; tests will override as needed
     tokenService = createTokenService(supportsSecureStorage);
   });
@@ -89,8 +102,63 @@ describe("TokenService", () => {
   });
 
   describe("Access Token methods", () => {
-    const accessTokenPartialSecureStorageKey = `_accessToken`;
-    const accessTokenSecureStorageKey = `${userIdFromAccessToken}${accessTokenPartialSecureStorageKey}`;
+    const accessTokenKeyPartialSecureStorageKey = `_accessTokenKey`;
+    const accessTokenKeySecureStorageKey = `${userIdFromAccessToken}${accessTokenKeyPartialSecureStorageKey}`;
+
+    describe("hasAccessToken$", () => {
+      it("returns true when an access token exists in memory", async () => {
+        // Arrange
+        singleUserStateProvider
+          .getFake(userIdFromAccessToken, ACCESS_TOKEN_MEMORY)
+          .stateSubject.next([userIdFromAccessToken, accessTokenJwt]);
+
+        // Act
+        const result = await firstValueFrom(tokenService.hasAccessToken$(userIdFromAccessToken));
+
+        // Assert
+        expect(result).toEqual(true);
+      });
+
+      it("returns true when an access token exists in disk", async () => {
+        // Arrange
+        singleUserStateProvider
+          .getFake(userIdFromAccessToken, ACCESS_TOKEN_MEMORY)
+          .stateSubject.next([userIdFromAccessToken, undefined]);
+
+        singleUserStateProvider
+          .getFake(userIdFromAccessToken, ACCESS_TOKEN_DISK)
+          .stateSubject.next([userIdFromAccessToken, accessTokenJwt]);
+
+        // Act
+        const result = await firstValueFrom(tokenService.hasAccessToken$(userIdFromAccessToken));
+
+        // Assert
+        expect(result).toEqual(true);
+      });
+
+      it("returns true when an access token exists in secure storage", async () => {
+        // Arrange
+        singleUserStateProvider
+          .getFake(userIdFromAccessToken, ACCESS_TOKEN_DISK)
+          .stateSubject.next([userIdFromAccessToken, "encryptedAccessToken"]);
+
+        secureStorageService.get.mockResolvedValue(accessTokenKeyB64);
+
+        // Act
+        const result = await firstValueFrom(tokenService.hasAccessToken$(userIdFromAccessToken));
+
+        // Assert
+        expect(result).toEqual(true);
+      });
+
+      it("should return false if no access token exists in memory, disk, or secure storage", async () => {
+        // Act
+        const result = await firstValueFrom(tokenService.hasAccessToken$(userIdFromAccessToken));
+
+        // Assert
+        expect(result).toEqual(false);
+      });
+    });
 
     describe("setAccessToken", () => {
       it("should throw an error if the access token is null", async () => {
@@ -150,18 +218,22 @@ describe("TokenService", () => {
           tokenService = createTokenService(supportsSecureStorage);
         });
 
-        it("should set the access token in secure storage, null out data on disk or in memory, and set a flag to indicate the token has been migrated", async () => {
+        it("should set an access token key in secure storage, the encrypted access token in disk, and clear out the token in memory", async () => {
           // Arrange:
 
-          // For testing purposes, let's assume that the access token is already in disk and memory
-          singleUserStateProvider
-            .getFake(userIdFromAccessToken, ACCESS_TOKEN_DISK)
-            .stateSubject.next([userIdFromAccessToken, accessTokenJwt]);
-
+          // For testing purposes, let's assume that the access token is already in memory
           singleUserStateProvider
             .getFake(userIdFromAccessToken, ACCESS_TOKEN_MEMORY)
             .stateSubject.next([userIdFromAccessToken, accessTokenJwt]);
 
+          keyGenerationService.createKey.mockResolvedValue("accessTokenKey" as any);
+
+          const mockEncryptedAccessToken = "encryptedAccessToken";
+
+          encryptService.encrypt.mockResolvedValue({
+            encryptedString: mockEncryptedAccessToken,
+          } as any);
+
           // Act
           await tokenService.setAccessToken(
             accessTokenJwt,
@@ -170,27 +242,22 @@ describe("TokenService", () => {
           );
           // Assert
 
-          // assert that the access token was set in secure storage
+          // assert that the AccessTokenKey was set in secure storage
           expect(secureStorageService.save).toHaveBeenCalledWith(
-            accessTokenSecureStorageKey,
-            accessTokenJwt,
+            accessTokenKeySecureStorageKey,
+            "accessTokenKey",
             secureStorageOptions,
           );
 
-          // assert data was migrated out of disk and memory + flag was set
+          // assert that the access token was encrypted and set in disk
           expect(
             singleUserStateProvider.getFake(userIdFromAccessToken, ACCESS_TOKEN_DISK).nextMock,
-          ).toHaveBeenCalledWith(null);
+          ).toHaveBeenCalledWith(mockEncryptedAccessToken);
+
+          // assert data was migrated out of memory
           expect(
             singleUserStateProvider.getFake(userIdFromAccessToken, ACCESS_TOKEN_MEMORY).nextMock,
           ).toHaveBeenCalledWith(null);
-
-          expect(
-            singleUserStateProvider.getFake(
-              userIdFromAccessToken,
-              ACCESS_TOKEN_MIGRATED_TO_SECURE_STORAGE,
-            ).nextMock,
-          ).toHaveBeenCalledWith(true);
         });
       });
     });
@@ -216,7 +283,13 @@ describe("TokenService", () => {
       });
 
       describe("Memory storage tests", () => {
-        it("should get the access token from memory with no user id specified (uses global active user)", async () => {
+        test.each([
+          [
+            "should get the access token from memory for the provided user id",
+            userIdFromAccessToken,
+          ],
+          ["should get the access token from memory with no user id provided", undefined],
+        ])("%s", async (_, userId) => {
           // Arrange
           singleUserStateProvider
             .getFake(userIdFromAccessToken, ACCESS_TOKEN_MEMORY)
@@ -228,37 +301,28 @@ describe("TokenService", () => {
             .stateSubject.next([userIdFromAccessToken, undefined]);
 
           // Need to have global active id set to the user id
-          globalStateProvider
-            .getFake(ACCOUNT_ACTIVE_ACCOUNT_ID)
-            .stateSubject.next(userIdFromAccessToken);
+          if (!userId) {
+            globalStateProvider
+              .getFake(ACCOUNT_ACTIVE_ACCOUNT_ID)
+              .stateSubject.next(userIdFromAccessToken);
+          }
 
           // Act
-          const result = await tokenService.getAccessToken();
+          const result = await tokenService.getAccessToken(userId);
 
           // Assert
           expect(result).toEqual(accessTokenJwt);
         });
-
-        it("should get the access token from memory for the specified user id", async () => {
-          // Arrange
-          singleUserStateProvider
-            .getFake(userIdFromAccessToken, ACCESS_TOKEN_MEMORY)
-            .stateSubject.next([userIdFromAccessToken, accessTokenJwt]);
-
-          // set disk to undefined
-          singleUserStateProvider
-            .getFake(userIdFromAccessToken, ACCESS_TOKEN_DISK)
-            .stateSubject.next([userIdFromAccessToken, undefined]);
-
-          // Act
-          const result = await tokenService.getAccessToken(userIdFromAccessToken);
-          // Assert
-          expect(result).toEqual(accessTokenJwt);
-        });
       });
 
       describe("Disk storage tests (secure storage not supported on platform)", () => {
-        it("should get the access token from disk with no user id specified", async () => {
+        test.each([
+          [
+            "should get the access token from disk for the specified user id",
+            userIdFromAccessToken,
+          ],
+          ["should get the access token from disk with no user id specified", undefined],
+        ])("%s", async (_, userId) => {
           // Arrange
           singleUserStateProvider
             .getFake(userIdFromAccessToken, ACCESS_TOKEN_MEMORY)
@@ -269,28 +333,14 @@ describe("TokenService", () => {
             .stateSubject.next([userIdFromAccessToken, accessTokenJwt]);
 
           // Need to have global active id set to the user id
-          globalStateProvider
-            .getFake(ACCOUNT_ACTIVE_ACCOUNT_ID)
-            .stateSubject.next(userIdFromAccessToken);
+          if (!userId) {
+            globalStateProvider
+              .getFake(ACCOUNT_ACTIVE_ACCOUNT_ID)
+              .stateSubject.next(userIdFromAccessToken);
+          }
 
           // Act
-          const result = await tokenService.getAccessToken();
-          // Assert
-          expect(result).toEqual(accessTokenJwt);
-        });
-
-        it("should get the access token from disk for the specified user id", async () => {
-          // Arrange
-          singleUserStateProvider
-            .getFake(userIdFromAccessToken, ACCESS_TOKEN_MEMORY)
-            .stateSubject.next([userIdFromAccessToken, undefined]);
-
-          singleUserStateProvider
-            .getFake(userIdFromAccessToken, ACCESS_TOKEN_DISK)
-            .stateSubject.next([userIdFromAccessToken, accessTokenJwt]);
-
-          // Act
-          const result = await tokenService.getAccessToken(userIdFromAccessToken);
+          const result = await tokenService.getAccessToken(userId);
           // Assert
           expect(result).toEqual(accessTokenJwt);
         });
@@ -302,7 +352,16 @@ describe("TokenService", () => {
           tokenService = createTokenService(supportsSecureStorage);
         });
 
-        it("should get the access token from secure storage when no user id is specified and the migration flag is set to true", async () => {
+        test.each([
+          [
+            "should get the encrypted access token from disk, decrypt it, and return it when user id is provided",
+            userIdFromAccessToken,
+          ],
+          [
+            "should get the encrypted access token from disk, decrypt it, and return it when no user id is provided",
+            undefined,
+          ],
+        ])("%s", async (_, userId) => {
           // Arrange
           singleUserStateProvider
             .getFake(userIdFromAccessToken, ACCESS_TOKEN_MEMORY)
@@ -310,76 +369,35 @@ describe("TokenService", () => {
 
           singleUserStateProvider
             .getFake(userIdFromAccessToken, ACCESS_TOKEN_DISK)
-            .stateSubject.next([userIdFromAccessToken, undefined]);
+            .stateSubject.next([userIdFromAccessToken, "encryptedAccessToken"]);
 
-          secureStorageService.get.mockResolvedValue(accessTokenJwt);
+          secureStorageService.get.mockResolvedValue(accessTokenKeyB64);
+          encryptService.decryptToUtf8.mockResolvedValue("decryptedAccessToken");
 
           // Need to have global active id set to the user id
-          globalStateProvider
-            .getFake(ACCOUNT_ACTIVE_ACCOUNT_ID)
-            .stateSubject.next(userIdFromAccessToken);
-
-          // set access token migration flag to true
-          singleUserStateProvider
-            .getFake(userIdFromAccessToken, ACCESS_TOKEN_MIGRATED_TO_SECURE_STORAGE)
-            .stateSubject.next([userIdFromAccessToken, true]);
+          if (!userId) {
+            globalStateProvider
+              .getFake(ACCOUNT_ACTIVE_ACCOUNT_ID)
+              .stateSubject.next(userIdFromAccessToken);
+          }
 
           // Act
-          const result = await tokenService.getAccessToken();
-          // Assert
-          expect(result).toEqual(accessTokenJwt);
-        });
-
-        it("should get the access token from secure storage when user id is specified and the migration flag set to true", async () => {
-          // Arrange
-
-          singleUserStateProvider
-            .getFake(userIdFromAccessToken, ACCESS_TOKEN_MEMORY)
-            .stateSubject.next([userIdFromAccessToken, undefined]);
-
-          singleUserStateProvider
-            .getFake(userIdFromAccessToken, ACCESS_TOKEN_DISK)
-            .stateSubject.next([userIdFromAccessToken, undefined]);
-
-          secureStorageService.get.mockResolvedValue(accessTokenJwt);
-
-          // set access token migration flag to true
-          singleUserStateProvider
-            .getFake(userIdFromAccessToken, ACCESS_TOKEN_MIGRATED_TO_SECURE_STORAGE)
-            .stateSubject.next([userIdFromAccessToken, true]);
-
-          // Act
-          const result = await tokenService.getAccessToken(userIdFromAccessToken);
-          // Assert
-          expect(result).toEqual(accessTokenJwt);
-        });
-
-        it("should fallback and get the access token from disk when user id is specified and the migration flag is set to false even if the platform supports secure storage", async () => {
-          // Arrange
-          singleUserStateProvider
-            .getFake(userIdFromAccessToken, ACCESS_TOKEN_MEMORY)
-            .stateSubject.next([userIdFromAccessToken, undefined]);
-
-          singleUserStateProvider
-            .getFake(userIdFromAccessToken, ACCESS_TOKEN_DISK)
-            .stateSubject.next([userIdFromAccessToken, accessTokenJwt]);
-
-          // set access token migration flag to false
-          singleUserStateProvider
-            .getFake(userIdFromAccessToken, ACCESS_TOKEN_MIGRATED_TO_SECURE_STORAGE)
-            .stateSubject.next([userIdFromAccessToken, false]);
-
-          // Act
-          const result = await tokenService.getAccessToken(userIdFromAccessToken);
+          const result = await tokenService.getAccessToken(userId);
 
           // Assert
-          expect(result).toEqual(accessTokenJwt);
-
-          // assert that secure storage was not called
-          expect(secureStorageService.get).not.toHaveBeenCalled();
+          expect(result).toEqual("decryptedAccessToken");
         });
 
-        it("should fallback and get the access token from disk when no user id is specified and the migration flag is set to false even if the platform supports secure storage", async () => {
+        test.each([
+          [
+            "should fallback and get the unencrypted access token from disk when there isn't an access token key in secure storage and a user id is provided",
+            userIdFromAccessToken,
+          ],
+          [
+            "should fallback and get the unencrypted access token from disk when there isn't an access token key in secure storage and no user id is provided",
+            undefined,
+          ],
+        ])("%s", async (_, userId) => {
           // Arrange
           singleUserStateProvider
             .getFake(userIdFromAccessToken, ACCESS_TOKEN_MEMORY)
@@ -390,23 +408,19 @@ describe("TokenService", () => {
             .stateSubject.next([userIdFromAccessToken, accessTokenJwt]);
 
           // Need to have global active id set to the user id
-          globalStateProvider
-            .getFake(ACCOUNT_ACTIVE_ACCOUNT_ID)
-            .stateSubject.next(userIdFromAccessToken);
+          if (!userId) {
+            globalStateProvider
+              .getFake(ACCOUNT_ACTIVE_ACCOUNT_ID)
+              .stateSubject.next(userIdFromAccessToken);
+          }
 
-          // set access token migration flag to false
-          singleUserStateProvider
-            .getFake(userIdFromAccessToken, ACCESS_TOKEN_MIGRATED_TO_SECURE_STORAGE)
-            .stateSubject.next([userIdFromAccessToken, false]);
+          // No access token key set
 
           // Act
-          const result = await tokenService.getAccessToken();
+          const result = await tokenService.getAccessToken(userId);
 
           // Assert
           expect(result).toEqual(accessTokenJwt);
-
-          // assert that secure storage was not called
-          expect(secureStorageService.get).not.toHaveBeenCalled();
         });
       });
     });
@@ -426,7 +440,16 @@ describe("TokenService", () => {
           tokenService = createTokenService(supportsSecureStorage);
         });
 
-        it("should clear the access token from all storage locations for the specified user id", async () => {
+        test.each([
+          [
+            "should clear the access token from all storage locations for the provided user id",
+            userIdFromAccessToken,
+          ],
+          [
+            "should clear the access token from all storage locations for the global active user",
+            undefined,
+          ],
+        ])("%s", async (_, userId) => {
           // Arrange
           singleUserStateProvider
             .getFake(userIdFromAccessToken, ACCESS_TOKEN_MEMORY)
@@ -436,6 +459,13 @@ describe("TokenService", () => {
             .getFake(userIdFromAccessToken, ACCESS_TOKEN_DISK)
             .stateSubject.next([userIdFromAccessToken, accessTokenJwt]);
 
+          // Need to have global active id set to the user id
+          if (!userId) {
+            globalStateProvider
+              .getFake(ACCOUNT_ACTIVE_ACCOUNT_ID)
+              .stateSubject.next(userIdFromAccessToken);
+          }
+
           // Act
           await tokenService.clearAccessToken(userIdFromAccessToken);
 
@@ -448,39 +478,7 @@ describe("TokenService", () => {
           ).toHaveBeenCalledWith(null);
 
           expect(secureStorageService.remove).toHaveBeenCalledWith(
-            accessTokenSecureStorageKey,
-            secureStorageOptions,
-          );
-        });
-
-        it("should clear the access token from all storage locations for the global active user", async () => {
-          // Arrange
-          singleUserStateProvider
-            .getFake(userIdFromAccessToken, ACCESS_TOKEN_MEMORY)
-            .stateSubject.next([userIdFromAccessToken, accessTokenJwt]);
-
-          singleUserStateProvider
-            .getFake(userIdFromAccessToken, ACCESS_TOKEN_DISK)
-            .stateSubject.next([userIdFromAccessToken, accessTokenJwt]);
-
-          // Need to have global active id set to the user id
-          globalStateProvider
-            .getFake(ACCOUNT_ACTIVE_ACCOUNT_ID)
-            .stateSubject.next(userIdFromAccessToken);
-
-          // Act
-          await tokenService.clearAccessToken();
-
-          // Assert
-          expect(
-            singleUserStateProvider.getFake(userIdFromAccessToken, ACCESS_TOKEN_MEMORY).nextMock,
-          ).toHaveBeenCalledWith(null);
-          expect(
-            singleUserStateProvider.getFake(userIdFromAccessToken, ACCESS_TOKEN_DISK).nextMock,
-          ).toHaveBeenCalledWith(null);
-
-          expect(secureStorageService.remove).toHaveBeenCalledWith(
-            accessTokenSecureStorageKey,
+            accessTokenKeySecureStorageKey,
             secureStorageOptions,
           );
         });
@@ -1049,6 +1047,7 @@ describe("TokenService", () => {
           refreshToken,
           VaultTimeoutAction.Lock,
           null,
+          null,
         );
         // Assert
         await expect(result).rejects.toThrow("User id not found. Cannot save refresh token.");
@@ -1912,7 +1911,7 @@ describe("TokenService", () => {
 
       // Act
       // Note: passing a valid access token so that a valid user id can be determined from the access token
-      await tokenService.setTokens(accessTokenJwt, refreshToken, vaultTimeoutAction, vaultTimeout, [
+      await tokenService.setTokens(accessTokenJwt, vaultTimeoutAction, vaultTimeout, refreshToken, [
         clientId,
         clientSecret,
       ]);
@@ -1959,7 +1958,7 @@ describe("TokenService", () => {
       tokenService.setClientSecret = jest.fn();
 
       // Act
-      await tokenService.setTokens(accessTokenJwt, refreshToken, vaultTimeoutAction, vaultTimeout);
+      await tokenService.setTokens(accessTokenJwt, vaultTimeoutAction, vaultTimeout, refreshToken);
 
       // Assert
       expect((tokenService as any)._setAccessToken).toHaveBeenCalledWith(
@@ -1991,9 +1990,9 @@ describe("TokenService", () => {
       // Act
       const result = tokenService.setTokens(
         accessToken,
-        refreshToken,
         vaultTimeoutAction,
         vaultTimeout,
+        refreshToken,
       );
 
       // Assert
@@ -2010,32 +2009,27 @@ describe("TokenService", () => {
       // Act
       const result = tokenService.setTokens(
         accessToken,
-        refreshToken,
         vaultTimeoutAction,
         vaultTimeout,
+        refreshToken,
       );
 
       // Assert
-      await expect(result).rejects.toThrow("Access token and refresh token are required.");
+      await expect(result).rejects.toThrow("Access token is required.");
     });
 
-    it("should throw an error if the refresh token is missing", async () => {
+    it("should not throw an error if the refresh token is missing and it should just not set it", async () => {
       // Arrange
-      const accessToken = "accessToken";
       const refreshToken: string = null;
       const vaultTimeoutAction = VaultTimeoutAction.Lock;
       const vaultTimeout = 30;
+      (tokenService as any).setRefreshToken = jest.fn();
 
       // Act
-      const result = tokenService.setTokens(
-        accessToken,
-        refreshToken,
-        vaultTimeoutAction,
-        vaultTimeout,
-      );
+      await tokenService.setTokens(accessTokenJwt, vaultTimeoutAction, vaultTimeout, refreshToken);
 
       // Assert
-      await expect(result).rejects.toThrow("Access token and refresh token are required.");
+      expect((tokenService as any).setRefreshToken).not.toHaveBeenCalled();
     });
   });
 
@@ -2232,6 +2226,9 @@ describe("TokenService", () => {
       globalStateProvider,
       supportsSecureStorage,
       secureStorageService,
+      keyGenerationService,
+      encryptService,
+      logService,
     );
   }
 });
diff --git a/libs/common/src/auth/services/token.service.ts b/libs/common/src/auth/services/token.service.ts
index 4e9722614e..fb13c21870 100644
--- a/libs/common/src/auth/services/token.service.ts
+++ b/libs/common/src/auth/services/token.service.ts
@@ -1,11 +1,17 @@
-import { firstValueFrom } from "rxjs";
+import { Observable, combineLatest, firstValueFrom, map } from "rxjs";
+import { Opaque } from "type-fest";
 
 import { decodeJwtTokenToJson } from "@bitwarden/auth/common";
 
 import { VaultTimeoutAction } from "../../enums/vault-timeout-action.enum";
+import { EncryptService } from "../../platform/abstractions/encrypt.service";
+import { KeyGenerationService } from "../../platform/abstractions/key-generation.service";
+import { LogService } from "../../platform/abstractions/log.service";
 import { AbstractStorageService } from "../../platform/abstractions/storage.service";
 import { StorageLocation } from "../../platform/enums";
+import { EncString, EncryptedString } from "../../platform/models/domain/enc-string";
 import { StorageOptions } from "../../platform/models/domain/storage-options";
+import { SymmetricCryptoKey } from "../../platform/models/domain/symmetric-crypto-key";
 import {
   GlobalState,
   GlobalStateProvider,
@@ -19,7 +25,6 @@ import { ACCOUNT_ACTIVE_ACCOUNT_ID } from "./account.service";
 import {
   ACCESS_TOKEN_DISK,
   ACCESS_TOKEN_MEMORY,
-  ACCESS_TOKEN_MIGRATED_TO_SECURE_STORAGE,
   API_KEY_CLIENT_ID_DISK,
   API_KEY_CLIENT_ID_MEMORY,
   API_KEY_CLIENT_SECRET_DISK,
@@ -101,8 +106,14 @@ export type DecodedAccessToken = {
   jti?: string;
 };
 
+/**
+ * A symmetric key for encrypting the access token before the token is stored on disk.
+ * This key should be stored in secure storage.
+ * */
+type AccessTokenKey = Opaque<SymmetricCryptoKey, "AccessTokenKey">;
+
 export class TokenService implements TokenServiceAbstraction {
-  private readonly accessTokenSecureStorageKey: string = "_accessToken";
+  private readonly accessTokenKeySecureStorageKey: string = "_accessTokenKey";
 
   private readonly refreshTokenSecureStorageKey: string = "_refreshToken";
 
@@ -117,10 +128,26 @@ export class TokenService implements TokenServiceAbstraction {
     private globalStateProvider: GlobalStateProvider,
     private readonly platformSupportsSecureStorage: boolean,
     private secureStorageService: AbstractStorageService,
+    private keyGenerationService: KeyGenerationService,
+    private encryptService: EncryptService,
+    private logService: LogService,
   ) {
     this.initializeState();
   }
 
+  hasAccessToken$(userId: UserId): Observable<boolean> {
+    // FIXME Once once vault timeout action is observable, we can use it to determine storage location
+    // and avoid the need to check both disk and memory.
+    return combineLatest([
+      this.singleUserStateProvider.get(userId, ACCESS_TOKEN_DISK).state$,
+      this.singleUserStateProvider.get(userId, ACCESS_TOKEN_MEMORY).state$,
+    ]).pipe(map(([disk, memory]) => Boolean(disk || memory)));
+  }
+
+  // pivoting to an approach where we create a symmetric key we store in secure storage
+  // which is used to protect the data before persisting to disk.
+  // We will also use the same symmetric key to decrypt the data when reading from disk.
+
   private initializeState(): void {
     this.emailTwoFactorTokenRecordGlobalState = this.globalStateProvider.get(
       EMAIL_TWO_FACTOR_TOKEN_RECORD_DISK_LOCAL,
@@ -131,13 +158,13 @@ export class TokenService implements TokenServiceAbstraction {
 
   async setTokens(
     accessToken: string,
-    refreshToken: string,
     vaultTimeoutAction: VaultTimeoutAction,
     vaultTimeout: number | null,
+    refreshToken?: string,
     clientIdClientSecret?: [string, string],
   ): Promise<void> {
-    if (!accessToken || !refreshToken) {
-      throw new Error("Access token and refresh token are required.");
+    if (!accessToken) {
+      throw new Error("Access token is required.");
     }
 
     // get user id the access token
@@ -148,13 +175,95 @@ export class TokenService implements TokenServiceAbstraction {
     }
 
     await this._setAccessToken(accessToken, vaultTimeoutAction, vaultTimeout, userId);
-    await this.setRefreshToken(refreshToken, vaultTimeoutAction, vaultTimeout, userId);
+
+    if (refreshToken) {
+      await this.setRefreshToken(refreshToken, vaultTimeoutAction, vaultTimeout, userId);
+    }
+
     if (clientIdClientSecret != null) {
       await this.setClientId(clientIdClientSecret[0], vaultTimeoutAction, vaultTimeout, userId);
       await this.setClientSecret(clientIdClientSecret[1], vaultTimeoutAction, vaultTimeout, userId);
     }
   }
 
+  private async getAccessTokenKey(userId: UserId): Promise<AccessTokenKey | null> {
+    const accessTokenKeyB64 = await this.secureStorageService.get<
+      ReturnType<SymmetricCryptoKey["toJSON"]>
+    >(`${userId}${this.accessTokenKeySecureStorageKey}`, this.getSecureStorageOptions(userId));
+
+    if (!accessTokenKeyB64) {
+      return null;
+    }
+
+    const accessTokenKey = SymmetricCryptoKey.fromJSON(accessTokenKeyB64) as AccessTokenKey;
+    return accessTokenKey;
+  }
+
+  private async createAndSaveAccessTokenKey(userId: UserId): Promise<AccessTokenKey> {
+    const newAccessTokenKey = (await this.keyGenerationService.createKey(512)) as AccessTokenKey;
+
+    await this.secureStorageService.save<AccessTokenKey>(
+      `${userId}${this.accessTokenKeySecureStorageKey}`,
+      newAccessTokenKey,
+      this.getSecureStorageOptions(userId),
+    );
+
+    return newAccessTokenKey;
+  }
+
+  private async clearAccessTokenKey(userId: UserId): Promise<void> {
+    await this.secureStorageService.remove(
+      `${userId}${this.accessTokenKeySecureStorageKey}`,
+      this.getSecureStorageOptions(userId),
+    );
+  }
+
+  private async getOrCreateAccessTokenKey(userId: UserId): Promise<AccessTokenKey> {
+    if (!this.platformSupportsSecureStorage) {
+      throw new Error("Platform does not support secure storage. Cannot obtain access token key.");
+    }
+
+    if (!userId) {
+      throw new Error("User id not found. Cannot obtain access token key.");
+    }
+
+    // First see if we have an accessTokenKey in secure storage and return it if we do
+    let accessTokenKey: AccessTokenKey = await this.getAccessTokenKey(userId);
+
+    if (!accessTokenKey) {
+      // Otherwise, create a new one and save it to secure storage, then return it
+      accessTokenKey = await this.createAndSaveAccessTokenKey(userId);
+    }
+
+    return accessTokenKey;
+  }
+
+  private async encryptAccessToken(accessToken: string, userId: UserId): Promise<EncString> {
+    const accessTokenKey = await this.getOrCreateAccessTokenKey(userId);
+
+    return await this.encryptService.encrypt(accessToken, accessTokenKey);
+  }
+
+  private async decryptAccessToken(
+    encryptedAccessToken: EncString,
+    userId: UserId,
+  ): Promise<string | null> {
+    const accessTokenKey = await this.getAccessTokenKey(userId);
+
+    if (!accessTokenKey) {
+      // If we don't have an accessTokenKey, then that means we don't have an access token as it hasn't been set yet
+      // and we have to return null here to properly indicate the the user isn't logged in.
+      return null;
+    }
+
+    const decryptedAccessToken = await this.encryptService.decryptToUtf8(
+      encryptedAccessToken,
+      accessTokenKey,
+    );
+
+    return decryptedAccessToken;
+  }
+
   /**
    * Internal helper for set access token which always requires user id.
    * This is useful because setTokens always will have a user id from the access token whereas
@@ -173,26 +282,33 @@ export class TokenService implements TokenServiceAbstraction {
     );
 
     switch (storageLocation) {
-      case TokenStorageLocation.SecureStorage:
-        await this.saveStringToSecureStorage(userId, this.accessTokenSecureStorageKey, accessToken);
+      case TokenStorageLocation.SecureStorage: {
+        // Secure storage implementations have variable length limitations (Windows), so we cannot
+        // store the access token directly. Instead, we encrypt with accessTokenKey and store that
+        // in secure storage.
+
+        const encryptedAccessToken: EncString = await this.encryptAccessToken(accessToken, userId);
+
+        // Save the encrypted access token to disk
+        await this.singleUserStateProvider
+          .get(userId, ACCESS_TOKEN_DISK)
+          .update((_) => encryptedAccessToken.encryptedString);
 
         // TODO: PM-6408 - https://bitwarden.atlassian.net/browse/PM-6408
-        // 2024-02-20: Remove access token from memory and disk so that we migrate to secure storage over time.
-        // Remove these 2 calls to remove the access token from memory and disk after 3 releases.
-
-        await this.singleUserStateProvider.get(userId, ACCESS_TOKEN_DISK).update((_) => null);
+        // 2024-02-20: Remove access token from memory so that we migrate to encrypt the access token over time.
+        // Remove this call to remove the access token from memory after 3 releases.
         await this.singleUserStateProvider.get(userId, ACCESS_TOKEN_MEMORY).update((_) => null);
 
-        // Set flag to indicate that the access token has been migrated to secure storage (don't remove this)
-        await this.setAccessTokenMigratedToSecureStorage(userId);
-
         return;
+      }
       case TokenStorageLocation.Disk:
+        // Access token stored on disk unencrypted as platform does not support secure storage
         await this.singleUserStateProvider
           .get(userId, ACCESS_TOKEN_DISK)
           .update((_) => accessToken);
         return;
       case TokenStorageLocation.Memory:
+        // Access token stored in memory due to vault timeout settings
         await this.singleUserStateProvider
           .get(userId, ACCESS_TOKEN_MEMORY)
           .update((_) => accessToken);
@@ -226,15 +342,14 @@ export class TokenService implements TokenServiceAbstraction {
       throw new Error("User id not found. Cannot clear access token.");
     }
 
-    // TODO: re-eval this once we get shared key definitions for vault timeout and vault timeout action data.
+    // TODO: re-eval this implementation once we get shared key definitions for vault timeout and vault timeout action data.
     // we can't determine storage location w/out vaultTimeoutAction and vaultTimeout
-    // but we can simply clear all locations to avoid the need to require those parameters
+    // but we can simply clear all locations to avoid the need to require those parameters.
 
     if (this.platformSupportsSecureStorage) {
-      await this.secureStorageService.remove(
-        `${userId}${this.accessTokenSecureStorageKey}`,
-        this.getSecureStorageOptions(userId),
-      );
+      // Always clear the access token key when clearing the access token
+      // The next set of the access token will create a new access token key
+      await this.clearAccessTokenKey(userId);
     }
 
     // Platform doesn't support secure storage, so use state provider implementation
@@ -249,36 +364,48 @@ export class TokenService implements TokenServiceAbstraction {
       return undefined;
     }
 
-    const accessTokenMigratedToSecureStorage =
-      await this.getAccessTokenMigratedToSecureStorage(userId);
-    if (this.platformSupportsSecureStorage && accessTokenMigratedToSecureStorage) {
-      return await this.getStringFromSecureStorage(userId, this.accessTokenSecureStorageKey);
-    }
-
     // Try to get the access token from memory
     const accessTokenMemory = await this.getStateValueByUserIdAndKeyDef(
       userId,
       ACCESS_TOKEN_MEMORY,
     );
-
     if (accessTokenMemory != null) {
       return accessTokenMemory;
     }
 
     // If memory is null, read from disk
-    return await this.getStateValueByUserIdAndKeyDef(userId, ACCESS_TOKEN_DISK);
-  }
+    const accessTokenDisk = await this.getStateValueByUserIdAndKeyDef(userId, ACCESS_TOKEN_DISK);
+    if (!accessTokenDisk) {
+      return null;
+    }
 
-  private async getAccessTokenMigratedToSecureStorage(userId: UserId): Promise<boolean> {
-    return await firstValueFrom(
-      this.singleUserStateProvider.get(userId, ACCESS_TOKEN_MIGRATED_TO_SECURE_STORAGE).state$,
-    );
-  }
+    if (this.platformSupportsSecureStorage) {
+      const accessTokenKey = await this.getAccessTokenKey(userId);
 
-  private async setAccessTokenMigratedToSecureStorage(userId: UserId): Promise<void> {
-    await this.singleUserStateProvider
-      .get(userId, ACCESS_TOKEN_MIGRATED_TO_SECURE_STORAGE)
-      .update((_) => true);
+      if (!accessTokenKey) {
+        // We know this is an unencrypted access token because we don't have an access token key
+        return accessTokenDisk;
+      }
+
+      try {
+        const encryptedAccessTokenEncString = new EncString(accessTokenDisk as EncryptedString);
+
+        const decryptedAccessToken = await this.decryptAccessToken(
+          encryptedAccessTokenEncString,
+          userId,
+        );
+        return decryptedAccessToken;
+      } catch (error) {
+        // If an error occurs during decryption, return null for logout.
+        // We don't try to recover here since we'd like to know
+        // if access token and key are getting out of sync.
+        this.logService.error(
+          `Failed to decrypt access token: ${error?.message ?? "Unknown error."}`,
+        );
+        return null;
+      }
+    }
+    return accessTokenDisk;
   }
 
   // Private because we only ever set the refresh token when also setting the access token
@@ -417,7 +544,7 @@ export class TokenService implements TokenServiceAbstraction {
     const storageLocation = await this.determineStorageLocation(
       vaultTimeoutAction,
       vaultTimeout,
-      false,
+      false, // don't use secure storage for client id
     );
 
     if (storageLocation === TokenStorageLocation.Disk) {
@@ -484,7 +611,7 @@ export class TokenService implements TokenServiceAbstraction {
     const storageLocation = await this.determineStorageLocation(
       vaultTimeoutAction,
       vaultTimeout,
-      false,
+      false, // don't use secure storage for client secret
     );
 
     if (storageLocation === TokenStorageLocation.Disk) {
@@ -567,6 +694,7 @@ export class TokenService implements TokenServiceAbstraction {
     });
   }
 
+  // TODO: stop accepting optional userIds
   async clearTokens(userId?: UserId): Promise<void> {
     userId ??= await firstValueFrom(this.activeUserIdGlobalState.state$);
 
diff --git a/libs/common/src/auth/services/token.state.spec.ts b/libs/common/src/auth/services/token.state.spec.ts
index f4089a73fb..24eddc73f5 100644
--- a/libs/common/src/auth/services/token.state.spec.ts
+++ b/libs/common/src/auth/services/token.state.spec.ts
@@ -3,7 +3,6 @@ import { KeyDefinition } from "../../platform/state";
 import {
   ACCESS_TOKEN_DISK,
   ACCESS_TOKEN_MEMORY,
-  ACCESS_TOKEN_MIGRATED_TO_SECURE_STORAGE,
   API_KEY_CLIENT_ID_DISK,
   API_KEY_CLIENT_ID_MEMORY,
   API_KEY_CLIENT_SECRET_DISK,
@@ -17,7 +16,6 @@ import {
 describe.each([
   [ACCESS_TOKEN_DISK, "accessTokenDisk"],
   [ACCESS_TOKEN_MEMORY, "accessTokenMemory"],
-  [ACCESS_TOKEN_MIGRATED_TO_SECURE_STORAGE, true],
   [REFRESH_TOKEN_DISK, "refreshTokenDisk"],
   [REFRESH_TOKEN_MEMORY, "refreshTokenMemory"],
   [REFRESH_TOKEN_MIGRATED_TO_SECURE_STORAGE, true],
diff --git a/libs/common/src/auth/services/token.state.ts b/libs/common/src/auth/services/token.state.ts
index 022f56f7aa..368f3c4ca2 100644
--- a/libs/common/src/auth/services/token.state.ts
+++ b/libs/common/src/auth/services/token.state.ts
@@ -1,5 +1,9 @@
 import { KeyDefinition, TOKEN_DISK, TOKEN_DISK_LOCAL, TOKEN_MEMORY } from "../../platform/state";
 
+// Note: all tokens / API key information must be cleared on logout.
+// because we are using secure storage, we must manually call to clean up our tokens.
+// See stateService.deAuthenticateAccount for where we call clearTokens(...)
+
 export const ACCESS_TOKEN_DISK = new KeyDefinition<string>(TOKEN_DISK, "accessToken", {
   deserializer: (accessToken) => accessToken,
 });
@@ -8,14 +12,6 @@ export const ACCESS_TOKEN_MEMORY = new KeyDefinition<string>(TOKEN_MEMORY, "acce
   deserializer: (accessToken) => accessToken,
 });
 
-export const ACCESS_TOKEN_MIGRATED_TO_SECURE_STORAGE = new KeyDefinition<boolean>(
-  TOKEN_DISK,
-  "accessTokenMigratedToSecureStorage",
-  {
-    deserializer: (accessTokenMigratedToSecureStorage) => accessTokenMigratedToSecureStorage,
-  },
-);
-
 export const REFRESH_TOKEN_DISK = new KeyDefinition<string>(TOKEN_DISK, "refreshToken", {
   deserializer: (refreshToken) => refreshToken,
 });
diff --git a/libs/common/src/auth/services/user-verification/user-verification.service.ts b/libs/common/src/auth/services/user-verification/user-verification.service.ts
index 431348c7fc..0b4cd96099 100644
--- a/libs/common/src/auth/services/user-verification/user-verification.service.ts
+++ b/libs/common/src/auth/services/user-verification/user-verification.service.ts
@@ -1,3 +1,7 @@
+import { firstValueFrom } from "rxjs";
+
+import { UserDecryptionOptionsServiceAbstraction } from "@bitwarden/auth/common";
+
 import { PinCryptoServiceAbstraction } from "../../../../../auth/src/common/abstractions/pin-crypto.service.abstraction";
 import { VaultTimeoutSettingsService as VaultTimeoutSettingsServiceAbstraction } from "../../../abstractions/vault-timeout/vault-timeout-settings.service";
 import { CryptoService } from "../../../platform/abstractions/crypto.service";
@@ -33,6 +37,7 @@ export class UserVerificationService implements UserVerificationServiceAbstracti
     private cryptoService: CryptoService,
     private i18nService: I18nService,
     private userVerificationApiService: UserVerificationApiServiceAbstraction,
+    private userDecryptionOptionsService: UserDecryptionOptionsServiceAbstraction,
     private pinCryptoService: PinCryptoServiceAbstraction,
     private logService: LogService,
     private vaultTimeoutSettingsService: VaultTimeoutSettingsServiceAbstraction,
@@ -136,7 +141,6 @@ export class UserVerificationService implements UserVerificationServiceAbstracti
         return this.verifyUserByMasterPassword(verification);
       case VerificationType.PIN:
         return this.verifyUserByPIN(verification);
-        break;
       case VerificationType.Biometrics:
         return this.verifyUserByBiometrics();
       default: {
@@ -210,16 +214,19 @@ export class UserVerificationService implements UserVerificationServiceAbstracti
    * Note: This only checks the server, not the local state
    * @param userId The user id to check. If not provided, the current user is used
    * @returns True if the user has a master password
+   * @deprecated Use UserDecryptionOptionsService.hasMasterPassword$ instead
    */
   async hasMasterPassword(userId?: string): Promise<boolean> {
-    const decryptionOptions = await this.stateService.getAccountDecryptionOptions({ userId });
+    if (userId) {
+      const decryptionOptions = await firstValueFrom(
+        this.userDecryptionOptionsService.userDecryptionOptionsById$(userId),
+      );
 
-    if (decryptionOptions?.hasMasterPassword != undefined) {
-      return decryptionOptions.hasMasterPassword;
+      if (decryptionOptions?.hasMasterPassword != undefined) {
+        return decryptionOptions.hasMasterPassword;
+      }
     }
-
-    // TODO: PM-3518 - Left for backwards compatibility, remove after 2023.12.0
-    return !(await this.stateService.getUsesKeyConnector({ userId }));
+    return await firstValueFrom(this.userDecryptionOptionsService.hasMasterPassword$);
   }
 
   async hasMasterPasswordAndMasterKeyHash(userId?: string): Promise<boolean> {
diff --git a/libs/common/src/auth/services/webauthn-login/webauthn-login-api.service.ts b/libs/common/src/auth/services/webauthn-login/webauthn-login-api.service.ts
index eb1cf222d3..7761903e4a 100644
--- a/libs/common/src/auth/services/webauthn-login/webauthn-login-api.service.ts
+++ b/libs/common/src/auth/services/webauthn-login/webauthn-login-api.service.ts
@@ -1,3 +1,5 @@
+import { firstValueFrom } from "rxjs";
+
 import { ApiService } from "../../../abstractions/api.service";
 import { EnvironmentService } from "../../../platform/abstractions/environment.service";
 import { WebAuthnLoginApiServiceAbstraction } from "../../abstractions/webauthn/webauthn-login-api.service.abstraction";
@@ -11,13 +13,14 @@ export class WebAuthnLoginApiService implements WebAuthnLoginApiServiceAbstracti
   ) {}
 
   async getCredentialAssertionOptions(): Promise<CredentialAssertionOptionsResponse> {
+    const env = await firstValueFrom(this.environmentService.environment$);
     const response = await this.apiService.send(
       "GET",
       `/accounts/webauthn/assertion-options`,
       null,
       false,
       true,
-      this.environmentService.getIdentityUrl(),
+      env.getIdentityUrl(),
     );
     return new CredentialAssertionOptionsResponse(response);
   }
diff --git a/libs/common/src/billing/services/account/billing-account-profile-state.service.spec.ts b/libs/common/src/billing/services/account/billing-account-profile-state.service.spec.ts
index 4a2a94e9c6..7f0f218a23 100644
--- a/libs/common/src/billing/services/account/billing-account-profile-state.service.spec.ts
+++ b/libs/common/src/billing/services/account/billing-account-profile-state.service.spec.ts
@@ -2,10 +2,10 @@ import { firstValueFrom } from "rxjs";
 
 import {
   FakeAccountService,
-  FakeActiveUserStateProvider,
   mockAccountServiceWith,
   FakeActiveUserState,
-  trackEmissions,
+  FakeStateProvider,
+  FakeSingleUserState,
 } from "../../../../spec";
 import { UserId } from "../../../types/guid";
 import { BillingAccountProfile } from "../../abstractions/account/billing-account-profile-state.service";
@@ -16,20 +16,26 @@ import {
 } from "./billing-account-profile-state.service";
 
 describe("BillingAccountProfileStateService", () => {
-  let activeUserStateProvider: FakeActiveUserStateProvider;
+  let stateProvider: FakeStateProvider;
   let sut: DefaultBillingAccountProfileStateService;
   let billingAccountProfileState: FakeActiveUserState<BillingAccountProfile>;
+  let userBillingAccountProfileState: FakeSingleUserState<BillingAccountProfile>;
   let accountService: FakeAccountService;
 
   const userId = "fakeUserId" as UserId;
 
   beforeEach(() => {
     accountService = mockAccountServiceWith(userId);
-    activeUserStateProvider = new FakeActiveUserStateProvider(accountService);
+    stateProvider = new FakeStateProvider(accountService);
 
-    sut = new DefaultBillingAccountProfileStateService(activeUserStateProvider);
+    sut = new DefaultBillingAccountProfileStateService(stateProvider);
 
-    billingAccountProfileState = activeUserStateProvider.getFake(
+    billingAccountProfileState = stateProvider.activeUser.getFake(
+      BILLING_ACCOUNT_PROFILE_KEY_DEFINITION,
+    );
+
+    userBillingAccountProfileState = stateProvider.singleUser.getFake(
+      userId,
       BILLING_ACCOUNT_PROFILE_KEY_DEFINITION,
     );
   });
@@ -38,9 +44,9 @@ describe("BillingAccountProfileStateService", () => {
     return jest.resetAllMocks();
   });
 
-  describe("accountHasPremiumFromAnyOrganization$", () => {
-    it("should emit changes in hasPremiumFromAnyOrganization", async () => {
-      billingAccountProfileState.nextState({
+  describe("hasPremiumFromAnyOrganization$", () => {
+    it("returns true when they have premium from an organization", async () => {
+      userBillingAccountProfileState.nextState({
         hasPremiumPersonally: false,
         hasPremiumFromAnyOrganization: true,
       });
@@ -48,118 +54,91 @@ describe("BillingAccountProfileStateService", () => {
       expect(await firstValueFrom(sut.hasPremiumFromAnyOrganization$)).toBe(true);
     });
 
-    it("should emit once when calling setHasPremium once", async () => {
-      const emissions = trackEmissions(sut.hasPremiumFromAnyOrganization$);
-      const startingEmissionCount = emissions.length;
-
-      await sut.setHasPremium(true, true);
-
-      const endingEmissionCount = emissions.length;
-      expect(endingEmissionCount - startingEmissionCount).toBe(1);
-    });
-  });
-
-  describe("hasPremiumPersonally$", () => {
-    it("should emit changes in hasPremiumPersonally", async () => {
-      billingAccountProfileState.nextState({
-        hasPremiumPersonally: true,
-        hasPremiumFromAnyOrganization: false,
-      });
-
-      expect(await firstValueFrom(sut.hasPremiumPersonally$)).toBe(true);
-    });
-
-    it("should emit once when calling setHasPremium once", async () => {
-      const emissions = trackEmissions(sut.hasPremiumPersonally$);
-      const startingEmissionCount = emissions.length;
-
-      await sut.setHasPremium(true, true);
-
-      const endingEmissionCount = emissions.length;
-      expect(endingEmissionCount - startingEmissionCount).toBe(1);
-    });
-  });
-
-  describe("canAccessPremium$", () => {
-    it("should emit changes in hasPremiumPersonally", async () => {
-      billingAccountProfileState.nextState({
-        hasPremiumPersonally: true,
-        hasPremiumFromAnyOrganization: false,
-      });
-
-      expect(await firstValueFrom(sut.hasPremiumFromAnySource$)).toBe(true);
-    });
-
-    it("should emit changes in hasPremiumFromAnyOrganization", async () => {
-      billingAccountProfileState.nextState({
+    it("return false when they do not have premium from an organization", async () => {
+      userBillingAccountProfileState.nextState({
         hasPremiumPersonally: false,
-        hasPremiumFromAnyOrganization: true,
+        hasPremiumFromAnyOrganization: false,
       });
 
-      expect(await firstValueFrom(sut.hasPremiumFromAnySource$)).toBe(true);
-    });
-
-    it("should emit changes in both hasPremiumPersonally and hasPremiumFromAnyOrganization", async () => {
-      billingAccountProfileState.nextState({
-        hasPremiumPersonally: true,
-        hasPremiumFromAnyOrganization: true,
-      });
-
-      expect(await firstValueFrom(sut.hasPremiumFromAnySource$)).toBe(true);
-    });
-
-    it("should emit once when calling setHasPremium once", async () => {
-      const emissions = trackEmissions(sut.hasPremiumFromAnySource$);
-      const startingEmissionCount = emissions.length;
-
-      await sut.setHasPremium(true, true);
-
-      const endingEmissionCount = emissions.length;
-      expect(endingEmissionCount - startingEmissionCount).toBe(1);
-    });
-  });
-
-  describe("setHasPremium", () => {
-    it("should have `hasPremiumPersonally$` emit `true` when passing `true` as an argument for hasPremiumPersonally", async () => {
-      await sut.setHasPremium(true, false);
-
-      expect(await firstValueFrom(sut.hasPremiumPersonally$)).toBe(true);
-    });
-
-    it("should have `hasPremiumFromAnyOrganization$` emit `true` when passing `true` as an argument for hasPremiumFromAnyOrganization", async () => {
-      await sut.setHasPremium(false, true);
-
-      expect(await firstValueFrom(sut.hasPremiumFromAnyOrganization$)).toBe(true);
-    });
-
-    it("should have `hasPremiumPersonally$` emit `false` when passing `false` as an argument for hasPremiumPersonally", async () => {
-      await sut.setHasPremium(false, false);
-
-      expect(await firstValueFrom(sut.hasPremiumPersonally$)).toBe(false);
-    });
-
-    it("should have `hasPremiumFromAnyOrganization$` emit `false` when passing `false` as an argument for hasPremiumFromAnyOrganization", async () => {
-      await sut.setHasPremium(false, false);
-
       expect(await firstValueFrom(sut.hasPremiumFromAnyOrganization$)).toBe(false);
     });
 
-    it("should have `canAccessPremium$` emit `true` when passing `true` as an argument for hasPremiumPersonally", async () => {
-      await sut.setHasPremium(true, false);
+    it("returns false when there is no active user", async () => {
+      await accountService.switchAccount(null);
+
+      expect(await firstValueFrom(sut.hasPremiumFromAnyOrganization$)).toBe(false);
+    });
+  });
+
+  describe("hasPremiumPersonally$", () => {
+    it("returns true when the user has premium personally", async () => {
+      userBillingAccountProfileState.nextState({
+        hasPremiumPersonally: true,
+        hasPremiumFromAnyOrganization: false,
+      });
+
+      expect(await firstValueFrom(sut.hasPremiumPersonally$)).toBe(true);
+    });
+
+    it("returns false when the user does not have premium personally", async () => {
+      userBillingAccountProfileState.nextState({
+        hasPremiumPersonally: false,
+        hasPremiumFromAnyOrganization: false,
+      });
+
+      expect(await firstValueFrom(sut.hasPremiumPersonally$)).toBe(false);
+    });
+
+    it("returns false when there is no active user", async () => {
+      await accountService.switchAccount(null);
+
+      expect(await firstValueFrom(sut.hasPremiumPersonally$)).toBe(false);
+    });
+  });
+
+  describe("hasPremiumFromAnySource$", () => {
+    it("returns true when the user has premium personally", async () => {
+      userBillingAccountProfileState.nextState({
+        hasPremiumPersonally: true,
+        hasPremiumFromAnyOrganization: false,
+      });
 
       expect(await firstValueFrom(sut.hasPremiumFromAnySource$)).toBe(true);
     });
 
-    it("should have `canAccessPremium$` emit `true` when passing `true` as an argument for hasPremiumFromAnyOrganization", async () => {
-      await sut.setHasPremium(false, true);
+    it("returns true when the user has premium from an organization", async () => {
+      userBillingAccountProfileState.nextState({
+        hasPremiumPersonally: false,
+        hasPremiumFromAnyOrganization: true,
+      });
 
       expect(await firstValueFrom(sut.hasPremiumFromAnySource$)).toBe(true);
     });
 
-    it("should have `canAccessPremium$` emit `false` when passing `false` for all arguments", async () => {
-      await sut.setHasPremium(false, false);
+    it("returns true when they have premium personally AND from an organization", async () => {
+      userBillingAccountProfileState.nextState({
+        hasPremiumPersonally: true,
+        hasPremiumFromAnyOrganization: true,
+      });
+
+      expect(await firstValueFrom(sut.hasPremiumFromAnySource$)).toBe(true);
+    });
+
+    it("returns false when there is no active user", async () => {
+      await accountService.switchAccount(null);
 
       expect(await firstValueFrom(sut.hasPremiumFromAnySource$)).toBe(false);
     });
   });
+
+  describe("setHasPremium", () => {
+    it("should update the active users state when called", async () => {
+      await sut.setHasPremium(true, false);
+
+      expect(billingAccountProfileState.nextMock).toHaveBeenCalledWith([
+        userId,
+        { hasPremiumPersonally: true, hasPremiumFromAnyOrganization: false },
+      ]);
+    });
+  });
 });
diff --git a/libs/common/src/billing/services/account/billing-account-profile-state.service.ts b/libs/common/src/billing/services/account/billing-account-profile-state.service.ts
index c6b6f104a8..336021c993 100644
--- a/libs/common/src/billing/services/account/billing-account-profile-state.service.ts
+++ b/libs/common/src/billing/services/account/billing-account-profile-state.service.ts
@@ -1,10 +1,10 @@
-import { map, Observable } from "rxjs";
+import { map, Observable, of, switchMap } from "rxjs";
 
 import {
   ActiveUserState,
-  ActiveUserStateProvider,
   BILLING_DISK,
   KeyDefinition,
+  StateProvider,
 } from "../../../platform/state";
 import {
   BillingAccountProfile,
@@ -26,24 +26,34 @@ export class DefaultBillingAccountProfileStateService implements BillingAccountP
   hasPremiumPersonally$: Observable<boolean>;
   hasPremiumFromAnySource$: Observable<boolean>;
 
-  constructor(activeUserStateProvider: ActiveUserStateProvider) {
-    this.billingAccountProfileState = activeUserStateProvider.get(
+  constructor(stateProvider: StateProvider) {
+    this.billingAccountProfileState = stateProvider.getActive(
       BILLING_ACCOUNT_PROFILE_KEY_DEFINITION,
     );
 
-    this.hasPremiumFromAnyOrganization$ = this.billingAccountProfileState.state$.pipe(
+    // Setup an observable that will always track the currently active user
+    // but will fallback to emitting null when there is no active user.
+    const billingAccountProfileOrNull = stateProvider.activeUserId$.pipe(
+      switchMap((userId) =>
+        userId != null
+          ? stateProvider.getUser(userId, BILLING_ACCOUNT_PROFILE_KEY_DEFINITION).state$
+          : of(null),
+      ),
+    );
+
+    this.hasPremiumFromAnyOrganization$ = billingAccountProfileOrNull.pipe(
       map((billingAccountProfile) => !!billingAccountProfile?.hasPremiumFromAnyOrganization),
     );
 
-    this.hasPremiumPersonally$ = this.billingAccountProfileState.state$.pipe(
+    this.hasPremiumPersonally$ = billingAccountProfileOrNull.pipe(
       map((billingAccountProfile) => !!billingAccountProfile?.hasPremiumPersonally),
     );
 
-    this.hasPremiumFromAnySource$ = this.billingAccountProfileState.state$.pipe(
+    this.hasPremiumFromAnySource$ = billingAccountProfileOrNull.pipe(
       map(
         (billingAccountProfile) =>
-          billingAccountProfile?.hasPremiumFromAnyOrganization ||
-          billingAccountProfile?.hasPremiumPersonally,
+          billingAccountProfile?.hasPremiumFromAnyOrganization === true ||
+          billingAccountProfile?.hasPremiumPersonally === true,
       ),
     );
   }
diff --git a/libs/common/src/billing/services/billing-api.service.ts b/libs/common/src/billing/services/billing-api.service.ts
index 677e500619..3d0ff550ea 100644
--- a/libs/common/src/billing/services/billing-api.service.ts
+++ b/libs/common/src/billing/services/billing-api.service.ts
@@ -12,7 +12,7 @@ export class BillingApiService implements BillingApiServiceAbstraction {
   ): Promise<void> {
     return this.apiService.send(
       "POST",
-      "/organizations/" + organizationId + "/churn",
+      "/organizations/" + organizationId + "/cancel",
       request,
       true,
       false,
@@ -20,7 +20,7 @@ export class BillingApiService implements BillingApiServiceAbstraction {
   }
 
   cancelPremiumUserSubscription(request: SubscriptionCancellationRequest): Promise<void> {
-    return this.apiService.send("POST", "/accounts/churn-premium", request, true, false);
+    return this.apiService.send("POST", "/accounts/cancel", request, true, false);
   }
 
   async getBillingStatus(id: string): Promise<OrganizationBillingStatusResponse> {
diff --git a/libs/common/src/enums/feature-flag.enum.ts b/libs/common/src/enums/feature-flag.enum.ts
index 8ca80759b2..ca5ccc17b5 100644
--- a/libs/common/src/enums/feature-flag.enum.ts
+++ b/libs/common/src/enums/feature-flag.enum.ts
@@ -2,12 +2,10 @@ export enum FeatureFlag {
   BrowserFilelessImport = "browser-fileless-import",
   ItemShare = "item-share",
   FlexibleCollectionsV1 = "flexible-collections-v-1", // v-1 is intentional
-  BulkCollectionAccess = "bulk-collection-access",
   VaultOnboarding = "vault-onboarding",
   GeneratorToolsModernization = "generator-tools-modernization",
   KeyRotationImprovements = "key-rotation-improvements",
   FlexibleCollectionsMigration = "flexible-collections-migration",
-  AC1607_PresentUserOffboardingSurvey = "AC-1607_present-user-offboarding-survey",
   ShowPaymentMethodWarningBanners = "show-payment-method-warning-banners",
 }
 
diff --git a/libs/common/src/platform/abstractions/app-id.service.ts b/libs/common/src/platform/abstractions/app-id.service.ts
index c1414dd01f..c2c1a23ef5 100644
--- a/libs/common/src/platform/abstractions/app-id.service.ts
+++ b/libs/common/src/platform/abstractions/app-id.service.ts
@@ -1,8 +1,8 @@
 import { Observable } from "rxjs";
 
 export abstract class AppIdService {
-  appId$: Observable<string>;
-  anonymousAppId$: Observable<string>;
-  getAppId: () => Promise<string>;
-  getAnonymousAppId: () => Promise<string>;
+  abstract appId$: Observable<string>;
+  abstract anonymousAppId$: Observable<string>;
+  abstract getAppId(): Promise<string>;
+  abstract getAnonymousAppId(): Promise<string>;
 }
diff --git a/libs/common/src/platform/abstractions/broadcaster.service.ts b/libs/common/src/platform/abstractions/broadcaster.service.ts
index 5df3c03343..8abfb5a90c 100644
--- a/libs/common/src/platform/abstractions/broadcaster.service.ts
+++ b/libs/common/src/platform/abstractions/broadcaster.service.ts
@@ -9,13 +9,13 @@ export abstract class BroadcasterService {
   /**
    * @deprecated Use the observable from the appropriate service instead.
    */
-  send: (message: MessageBase, id?: string) => void;
+  abstract send(message: MessageBase, id?: string): void;
   /**
    * @deprecated Use the observable from the appropriate service instead.
    */
-  subscribe: (id: string, messageCallback: (message: MessageBase) => void) => void;
+  abstract subscribe(id: string, messageCallback: (message: MessageBase) => void): void;
   /**
    * @deprecated Use the observable from the appropriate service instead.
    */
-  unsubscribe: (id: string) => void;
+  abstract unsubscribe(id: string): void;
 }
diff --git a/libs/common/src/platform/abstractions/config/config-api.service.abstraction.ts b/libs/common/src/platform/abstractions/config/config-api.service.abstraction.ts
index 2b25164e7c..3c191f59cc 100644
--- a/libs/common/src/platform/abstractions/config/config-api.service.abstraction.ts
+++ b/libs/common/src/platform/abstractions/config/config-api.service.abstraction.ts
@@ -1,5 +1,9 @@
+import { UserId } from "../../../types/guid";
 import { ServerConfigResponse } from "../../models/response/server-config.response";
 
 export abstract class ConfigApiServiceAbstraction {
-  get: () => Promise<ServerConfigResponse>;
+  /**
+   * Fetches the server configuration for the given user. If no user is provided, the configuration will not contain user-specific context.
+   */
+  abstract get(userId: UserId | undefined): Promise<ServerConfigResponse>;
 }
diff --git a/libs/common/src/platform/abstractions/config/config.service.abstraction.ts b/libs/common/src/platform/abstractions/config/config.service.abstraction.ts
deleted file mode 100644
index 1e1de9155f..0000000000
--- a/libs/common/src/platform/abstractions/config/config.service.abstraction.ts
+++ /dev/null
@@ -1,30 +0,0 @@
-import { Observable } from "rxjs";
-import { SemVer } from "semver";
-
-import { FeatureFlag } from "../../../enums/feature-flag.enum";
-import { Region } from "../environment.service";
-
-import { ServerConfig } from "./server-config";
-
-export abstract class ConfigServiceAbstraction {
-  serverConfig$: Observable<ServerConfig | null>;
-  cloudRegion$: Observable<Region>;
-  getFeatureFlag$: <T extends boolean | number | string>(
-    key: FeatureFlag,
-    defaultValue?: T,
-  ) => Observable<T>;
-  getFeatureFlag: <T extends boolean | number | string>(
-    key: FeatureFlag,
-    defaultValue?: T,
-  ) => Promise<T>;
-  checkServerMeetsVersionRequirement$: (
-    minimumRequiredServerVersion: SemVer,
-  ) => Observable<boolean>;
-
-  /**
-   * Force ConfigService to fetch an updated config from the server and emit it from serverConfig$
-   * @deprecated The service implementation should subscribe to an observable and use that to trigger a new fetch from
-   * server instead
-   */
-  triggerServerConfigFetch: () => void;
-}
diff --git a/libs/common/src/platform/abstractions/config/config.service.ts b/libs/common/src/platform/abstractions/config/config.service.ts
new file mode 100644
index 0000000000..9eca5891ac
--- /dev/null
+++ b/libs/common/src/platform/abstractions/config/config.service.ts
@@ -0,0 +1,47 @@
+import { Observable } from "rxjs";
+import { SemVer } from "semver";
+
+import { FeatureFlag } from "../../../enums/feature-flag.enum";
+import { Region } from "../environment.service";
+
+import { ServerConfig } from "./server-config";
+
+export abstract class ConfigService {
+  /** The server config of the currently active user */
+  serverConfig$: Observable<ServerConfig | null>;
+  /** The cloud region of the currently active user */
+  cloudRegion$: Observable<Region>;
+  /**
+   * Retrieves the value of a feature flag for the currently active user
+   * @param key The feature flag to retrieve
+   * @param defaultValue The default value to return if the feature flag is not set or the server's config is irretrievable
+   * @returns An observable that emits the value of the feature flag, updates as the server config changes
+   */
+  getFeatureFlag$: <T extends boolean | number | string>(
+    key: FeatureFlag,
+    defaultValue?: T,
+  ) => Observable<T>;
+  /**
+   * Retrieves the value of a feature flag for the currently active user
+   * @param key The feature flag to retrieve
+   * @param defaultValue The default value to return if the feature flag is not set or the server's config is irretrievable
+   * @returns The value of the feature flag
+   */
+  getFeatureFlag: <T extends boolean | number | string>(
+    key: FeatureFlag,
+    defaultValue?: T,
+  ) => Promise<T>;
+  /**
+   * Verifies whether the server version meets the minimum required version
+   * @param minimumRequiredServerVersion The minimum version required
+   * @returns True if the server version is greater than or equal to the minimum required version
+   */
+  checkServerMeetsVersionRequirement$: (
+    minimumRequiredServerVersion: SemVer,
+  ) => Observable<boolean>;
+
+  /**
+   * Triggers a check that the config for the currently active user is up-to-date. If it is not, it will be fetched from the server and stored.
+   */
+  abstract ensureConfigFetched(): Promise<void>;
+}
diff --git a/libs/common/src/platform/abstractions/config/server-config.ts b/libs/common/src/platform/abstractions/config/server-config.ts
index 2fa250202e..287e359f18 100644
--- a/libs/common/src/platform/abstractions/config/server-config.ts
+++ b/libs/common/src/platform/abstractions/config/server-config.ts
@@ -7,7 +7,6 @@ import {
 } from "../../models/data/server-config.data";
 
 const dayInMilliseconds = 24 * 3600 * 1000;
-const eighteenHoursInMilliseconds = 18 * 3600 * 1000;
 
 export class ServerConfig {
   version: string;
@@ -38,10 +37,6 @@ export class ServerConfig {
     return this.getAgeInMilliseconds() <= dayInMilliseconds;
   }
 
-  expiresSoon(): boolean {
-    return this.getAgeInMilliseconds() >= eighteenHoursInMilliseconds;
-  }
-
   static fromJSON(obj: Jsonify<ServerConfig>): ServerConfig {
     if (obj == null) {
       return null;
diff --git a/libs/common/src/platform/abstractions/crypto-function.service.ts b/libs/common/src/platform/abstractions/crypto-function.service.ts
index db432abc34..18c14677dd 100644
--- a/libs/common/src/platform/abstractions/crypto-function.service.ts
+++ b/libs/common/src/platform/abstractions/crypto-function.service.ts
@@ -3,85 +3,85 @@ import { DecryptParameters } from "../models/domain/decrypt-parameters";
 import { SymmetricCryptoKey } from "../models/domain/symmetric-crypto-key";
 
 export abstract class CryptoFunctionService {
-  pbkdf2: (
+  abstract pbkdf2(
     password: string | Uint8Array,
     salt: string | Uint8Array,
     algorithm: "sha256" | "sha512",
     iterations: number,
-  ) => Promise<Uint8Array>;
-  argon2: (
+  ): Promise<Uint8Array>;
+  abstract argon2(
     password: string | Uint8Array,
     salt: string | Uint8Array,
     iterations: number,
     memory: number,
     parallelism: number,
-  ) => Promise<Uint8Array>;
-  hkdf: (
+  ): Promise<Uint8Array>;
+  abstract hkdf(
     ikm: Uint8Array,
     salt: string | Uint8Array,
     info: string | Uint8Array,
     outputByteSize: number,
     algorithm: "sha256" | "sha512",
-  ) => Promise<Uint8Array>;
-  hkdfExpand: (
+  ): Promise<Uint8Array>;
+  abstract hkdfExpand(
     prk: Uint8Array,
     info: string | Uint8Array,
     outputByteSize: number,
     algorithm: "sha256" | "sha512",
-  ) => Promise<Uint8Array>;
-  hash: (
+  ): Promise<Uint8Array>;
+  abstract hash(
     value: string | Uint8Array,
     algorithm: "sha1" | "sha256" | "sha512" | "md5",
-  ) => Promise<Uint8Array>;
-  hmac: (
+  ): Promise<Uint8Array>;
+  abstract hmac(
     value: Uint8Array,
     key: Uint8Array,
     algorithm: "sha1" | "sha256" | "sha512",
-  ) => Promise<Uint8Array>;
-  compare: (a: Uint8Array, b: Uint8Array) => Promise<boolean>;
-  hmacFast: (
+  ): Promise<Uint8Array>;
+  abstract compare(a: Uint8Array, b: Uint8Array): Promise<boolean>;
+  abstract hmacFast(
     value: Uint8Array | string,
     key: Uint8Array | string,
     algorithm: "sha1" | "sha256" | "sha512",
-  ) => Promise<Uint8Array | string>;
-  compareFast: (a: Uint8Array | string, b: Uint8Array | string) => Promise<boolean>;
-  aesEncrypt: (data: Uint8Array, iv: Uint8Array, key: Uint8Array) => Promise<Uint8Array>;
-  aesDecryptFastParameters: (
+  ): Promise<Uint8Array | string>;
+  abstract compareFast(a: Uint8Array | string, b: Uint8Array | string): Promise<boolean>;
+  abstract aesEncrypt(data: Uint8Array, iv: Uint8Array, key: Uint8Array): Promise<Uint8Array>;
+  abstract aesDecryptFastParameters(
     data: string,
     iv: string,
     mac: string,
     key: SymmetricCryptoKey,
-  ) => DecryptParameters<Uint8Array | string>;
-  aesDecryptFast: (
+  ): DecryptParameters<Uint8Array | string>;
+  abstract aesDecryptFast(
     parameters: DecryptParameters<Uint8Array | string>,
     mode: "cbc" | "ecb",
-  ) => Promise<string>;
-  aesDecrypt: (
+  ): Promise<string>;
+  abstract aesDecrypt(
     data: Uint8Array,
     iv: Uint8Array,
     key: Uint8Array,
     mode: "cbc" | "ecb",
-  ) => Promise<Uint8Array>;
-  rsaEncrypt: (
+  ): Promise<Uint8Array>;
+  abstract rsaEncrypt(
     data: Uint8Array,
     publicKey: Uint8Array,
     algorithm: "sha1" | "sha256",
-  ) => Promise<Uint8Array>;
-  rsaDecrypt: (
+  ): Promise<Uint8Array>;
+  abstract rsaDecrypt(
     data: Uint8Array,
     privateKey: Uint8Array,
     algorithm: "sha1" | "sha256",
-  ) => Promise<Uint8Array>;
-  rsaExtractPublicKey: (privateKey: Uint8Array) => Promise<Uint8Array>;
-  rsaGenerateKeyPair: (length: 1024 | 2048 | 4096) => Promise<[Uint8Array, Uint8Array]>;
+  ): Promise<Uint8Array>;
+  abstract rsaExtractPublicKey(privateKey: Uint8Array): Promise<Uint8Array>;
+  abstract rsaGenerateKeyPair(length: 1024 | 2048 | 4096): Promise<[Uint8Array, Uint8Array]>;
   /**
    * Generates a key of the given length suitable for use in AES encryption
    */
-  aesGenerateKey: (bitLength: 128 | 192 | 256 | 512) => Promise<CsprngArray>;
+  abstract aesGenerateKey(bitLength: 128 | 192 | 256 | 512): Promise<CsprngArray>;
   /**
    * Generates a random array of bytes of the given length. Uses a cryptographically secure random number generator.
    *
    * Do not use this for generating encryption keys. Use aesGenerateKey or rsaGenerateKeyPair instead.
    */
-  randomBytes: (length: number) => Promise<CsprngArray>;
+  abstract randomBytes(length: number): Promise<CsprngArray>;
 }
diff --git a/libs/common/src/platform/abstractions/crypto.service.ts b/libs/common/src/platform/abstractions/crypto.service.ts
index a5a2d45233..85b2bfe82e 100644
--- a/libs/common/src/platform/abstractions/crypto.service.ts
+++ b/libs/common/src/platform/abstractions/crypto.service.ts
@@ -12,7 +12,15 @@ import { EncString } from "../models/domain/enc-string";
 import { SymmetricCryptoKey } from "../models/domain/symmetric-crypto-key";
 
 export abstract class CryptoService {
-  activeUserKey$: Observable<UserKey>;
+  abstract activeUserKey$: Observable<UserKey>;
+
+  /**
+   * Returns the an observable key for the given user id.
+   *
+   * @note this observable represents only user keys stored in memory. A null value does not indicate that we cannot load a user key from storage.
+   * @param userId The desired user
+   */
+  abstract getInMemoryUserKeyFor$(userId: UserId): Observable<UserKey>;
   /**
    * Sets the provided user key and stores
    * any other necessary versions (such as auto, biometrics,
@@ -22,105 +30,105 @@ export abstract class CryptoService {
    * @param key The user key to set
    * @param userId The desired user
    */
-  setUserKey: (key: UserKey, userId?: string) => Promise<void>;
+  abstract setUserKey(key: UserKey, userId?: string): Promise<void>;
   /**
    * Gets the user key from memory and sets it again,
    * kicking off a refresh of any additional keys
    * (such as auto, biometrics, or pin)
    */
-  refreshAdditionalKeys: () => Promise<void>;
+  abstract refreshAdditionalKeys(): Promise<void>;
   /**
    * Observable value that returns whether or not the currently active user has ever had auser key,
    * i.e. has ever been unlocked/decrypted. This is key for differentiating between TDE locked and standard locked states.
    */
-  everHadUserKey$: Observable<boolean>;
+  abstract everHadUserKey$: Observable<boolean>;
   /**
    * Retrieves the user key
    * @param userId The desired user
    * @returns The user key
    */
-  getUserKey: (userId?: string) => Promise<UserKey>;
+  abstract getUserKey(userId?: string): Promise<UserKey>;
 
   /**
    * Checks if the user is using an old encryption scheme that used the master key
    * for encryption of data instead of the user key.
    */
-  isLegacyUser: (masterKey?: MasterKey, userId?: string) => Promise<boolean>;
+  abstract isLegacyUser(masterKey?: MasterKey, userId?: string): Promise<boolean>;
   /**
    * Use for encryption/decryption of data in order to support legacy
    * encryption models. It will return the user key if available,
    * if not it will return the master key.
    * @param userId The desired user
    */
-  getUserKeyWithLegacySupport: (userId?: string) => Promise<UserKey>;
+  abstract getUserKeyWithLegacySupport(userId?: string): Promise<UserKey>;
   /**
    * Retrieves the user key from storage
    * @param keySuffix The desired version of the user's key to retrieve
    * @param userId The desired user
    * @returns The user key
    */
-  getUserKeyFromStorage: (keySuffix: KeySuffixOptions, userId?: string) => Promise<UserKey>;
+  abstract getUserKeyFromStorage(keySuffix: KeySuffixOptions, userId?: string): Promise<UserKey>;
 
   /**
    * Determines whether the user key is available for the given user.
    * @param userId The desired user. If not provided, the active user will be used. If no active user exists, the method will return false.
    * @returns True if the user key is available
    */
-  hasUserKey: (userId?: UserId) => Promise<boolean>;
+  abstract hasUserKey(userId?: UserId): Promise<boolean>;
   /**
    * Determines whether the user key is available for the given user in memory.
    * @param userId The desired user. If not provided, the active user will be used. If no active user exists, the method will return false.
    * @returns True if the user key is available
    */
-  hasUserKeyInMemory: (userId?: string) => Promise<boolean>;
+  abstract hasUserKeyInMemory(userId?: string): Promise<boolean>;
   /**
    * @param keySuffix The desired version of the user's key to check
    * @param userId The desired user
    * @returns True if the provided version of the user key is stored
    */
-  hasUserKeyStored: (keySuffix: KeySuffixOptions, userId?: string) => Promise<boolean>;
+  abstract hasUserKeyStored(keySuffix: KeySuffixOptions, userId?: string): Promise<boolean>;
   /**
    * Generates a new user key
    * @param masterKey The user's master key
    * @returns A new user key and the master key protected version of it
    */
-  makeUserKey: (key: MasterKey) => Promise<[UserKey, EncString]>;
+  abstract makeUserKey(key: MasterKey): Promise<[UserKey, EncString]>;
   /**
    * Clears the user key
    * @param clearStoredKeys Clears all stored versions of the user keys as well,
    * such as the biometrics key
    * @param userId The desired user
    */
-  clearUserKey: (clearSecretStorage?: boolean, userId?: string) => Promise<void>;
+  abstract clearUserKey(clearSecretStorage?: boolean, userId?: string): Promise<void>;
   /**
    * Clears the user's stored version of the user key
    * @param keySuffix The desired version of the key to clear
    * @param userId The desired user
    */
-  clearStoredUserKey: (keySuffix: KeySuffixOptions, userId?: string) => Promise<void>;
+  abstract clearStoredUserKey(keySuffix: KeySuffixOptions, userId?: string): Promise<void>;
   /**
    * Stores the master key encrypted user key
    * @param userKeyMasterKey The master key encrypted user key to set
    * @param userId The desired user
    */
-  setMasterKeyEncryptedUserKey: (UserKeyMasterKey: string, userId?: string) => Promise<void>;
+  abstract setMasterKeyEncryptedUserKey(UserKeyMasterKey: string, userId?: string): Promise<void>;
   /**
    * Sets the user's master key
    * @param key The user's master key to set
    * @param userId The desired user
    */
-  setMasterKey: (key: MasterKey, userId?: string) => Promise<void>;
+  abstract setMasterKey(key: MasterKey, userId?: string): Promise<void>;
   /**
    * @param userId The desired user
    * @returns The user's master key
    */
-  getMasterKey: (userId?: string) => Promise<MasterKey>;
+  abstract getMasterKey(userId?: string): Promise<MasterKey>;
 
   /**
    * @param password The user's master password that will be used to derive a master key if one isn't found
    * @param userId The desired user
    */
-  getOrDeriveMasterKey: (password: string, userId?: string) => Promise<MasterKey>;
+  abstract getOrDeriveMasterKey(password: string, userId?: string): Promise<MasterKey>;
   /**
    * Generates a master key from the provided password
    * @param password The user's master password
@@ -129,17 +137,17 @@ export abstract class CryptoService {
    * @param KdfConfig The user's key derivation function configuration
    * @returns A master key derived from the provided password
    */
-  makeMasterKey: (
+  abstract makeMasterKey(
     password: string,
     email: string,
     kdf: KdfType,
     KdfConfig: KdfConfig,
-  ) => Promise<MasterKey>;
+  ): Promise<MasterKey>;
   /**
    * Clears the user's master key
    * @param userId The desired user
    */
-  clearMasterKey: (userId?: string) => Promise<void>;
+  abstract clearMasterKey(userId?: string): Promise<void>;
   /**
    * Encrypts the existing (or provided) user key with the
    * provided master key
@@ -147,10 +155,10 @@ export abstract class CryptoService {
    * @param userKey The user key
    * @returns The user key and the master key protected version of it
    */
-  encryptUserKeyWithMasterKey: (
+  abstract encryptUserKeyWithMasterKey(
     masterKey: MasterKey,
     userKey?: UserKey,
-  ) => Promise<[UserKey, EncString]>;
+  ): Promise<[UserKey, EncString]>;
   /**
    * Decrypts the user key with the provided master key
    * @param masterKey The user's master key
@@ -158,11 +166,11 @@ export abstract class CryptoService {
    * @param userId The desired user
    * @returns The user key
    */
-  decryptUserKeyWithMasterKey: (
+  abstract decryptUserKeyWithMasterKey(
     masterKey: MasterKey,
     userKey?: EncString,
     userId?: string,
-  ) => Promise<UserKey>;
+  ): Promise<UserKey>;
   /**
    * Creates a master password hash from the user's master password. Can
    * be used for local authentication or for server authentication depending
@@ -172,21 +180,25 @@ export abstract class CryptoService {
    * @param hashPurpose The iterations to use for the hash
    * @returns The user's master password hash
    */
-  hashMasterKey: (password: string, key: MasterKey, hashPurpose?: HashPurpose) => Promise<string>;
+  abstract hashMasterKey(
+    password: string,
+    key: MasterKey,
+    hashPurpose?: HashPurpose,
+  ): Promise<string>;
   /**
    * Sets the user's master password hash
    * @param keyHash The user's master password hash to set
    */
-  setMasterKeyHash: (keyHash: string) => Promise<void>;
+  abstract setMasterKeyHash(keyHash: string): Promise<void>;
   /**
    * @returns The user's master password hash
    */
-  getMasterKeyHash: () => Promise<string>;
+  abstract getMasterKeyHash(): Promise<string>;
   /**
    * Clears the user's stored master password hash
    * @param userId The desired user
    */
-  clearMasterKeyHash: (userId?: string) => Promise<void>;
+  abstract clearMasterKeyHash(userId?: string): Promise<void>;
   /**
    * Compares the provided master password to the stored password hash and server password hash.
    * Updates the stored hash if outdated.
@@ -195,107 +207,109 @@ export abstract class CryptoService {
    * @returns True if the provided master password matches either the stored
    * key hash or the server key hash
    */
-  compareAndUpdateKeyHash: (masterPassword: string, masterKey: MasterKey) => Promise<boolean>;
+  abstract compareAndUpdateKeyHash(masterPassword: string, masterKey: MasterKey): Promise<boolean>;
   /**
    * Stores the encrypted organization keys and clears any decrypted
    * organization keys currently in memory
    * @param orgs The organizations to set keys for
    * @param providerOrgs The provider organizations to set keys for
    */
-  setOrgKeys: (
+  abstract setOrgKeys(
     orgs: ProfileOrganizationResponse[],
     providerOrgs: ProfileProviderOrganizationResponse[],
-  ) => Promise<void>;
-  activeUserOrgKeys$: Observable<Record<OrganizationId, OrgKey>>;
+  ): Promise<void>;
+  abstract activeUserOrgKeys$: Observable<Record<OrganizationId, OrgKey>>;
   /**
    * Returns the organization's symmetric key
    * @deprecated Use the observable activeUserOrgKeys$ and `map` to the desired orgKey instead
    * @param orgId The desired organization
    * @returns The organization's symmetric key
    */
-  getOrgKey: (orgId: string) => Promise<OrgKey>;
+  abstract getOrgKey(orgId: string): Promise<OrgKey>;
   /**
    * @deprecated Use the observable activeUserOrgKeys$ instead
    * @returns A record of the organization Ids to their symmetric keys
    */
-  getOrgKeys: () => Promise<Record<string, SymmetricCryptoKey>>;
+  abstract getOrgKeys(): Promise<Record<string, SymmetricCryptoKey>>;
   /**
    * Uses the org key to derive a new symmetric key for encrypting data
    * @param orgKey The organization's symmetric key
    */
-  makeDataEncKey: <T extends UserKey | OrgKey>(key: T) => Promise<[SymmetricCryptoKey, EncString]>;
+  abstract makeDataEncKey<T extends UserKey | OrgKey>(
+    key: T,
+  ): Promise<[SymmetricCryptoKey, EncString]>;
   /**
    * Clears the user's stored organization keys
    * @param memoryOnly Clear only the in-memory keys
    * @param userId The desired user
    */
-  clearOrgKeys: (memoryOnly?: boolean, userId?: string) => Promise<void>;
+  abstract clearOrgKeys(memoryOnly?: boolean, userId?: string): Promise<void>;
   /**
    * Stores the encrypted provider keys and clears any decrypted
    * provider keys currently in memory
    * @param providers The providers to set keys for
    */
-  activeUserProviderKeys$: Observable<Record<ProviderId, ProviderKey>>;
-  setProviderKeys: (orgs: ProfileProviderResponse[]) => Promise<void>;
+  abstract activeUserProviderKeys$: Observable<Record<ProviderId, ProviderKey>>;
+  abstract setProviderKeys(orgs: ProfileProviderResponse[]): Promise<void>;
   /**
    * @param providerId The desired provider
    * @returns The provider's symmetric key
    */
-  getProviderKey: (providerId: string) => Promise<ProviderKey>;
+  abstract getProviderKey(providerId: string): Promise<ProviderKey>;
   /**
    * @returns A record of the provider Ids to their symmetric keys
    */
-  getProviderKeys: () => Promise<Record<ProviderId, ProviderKey>>;
+  abstract getProviderKeys(): Promise<Record<ProviderId, ProviderKey>>;
   /**
    * @param memoryOnly Clear only the in-memory keys
    * @param userId The desired user
    */
-  clearProviderKeys: (memoryOnly?: boolean, userId?: string) => Promise<void>;
+  abstract clearProviderKeys(memoryOnly?: boolean, userId?: string): Promise<void>;
   /**
    * Returns the public key from memory. If not available, extracts it
    * from the private key and stores it in memory
    * @returns The user's public key
    */
-  getPublicKey: () => Promise<Uint8Array>;
+  abstract getPublicKey(): Promise<Uint8Array>;
   /**
    * Creates a new organization key and encrypts it with the user's public key.
    * This method can also return Provider keys for creating new Provider users.
    * @returns The new encrypted org key and the decrypted key itself
    */
-  makeOrgKey: <T extends OrgKey | ProviderKey>() => Promise<[EncString, T]>;
+  abstract makeOrgKey<T extends OrgKey | ProviderKey>(): Promise<[EncString, T]>;
   /**
    * Sets the the user's encrypted private key in storage and
    * clears the decrypted private key from memory
    * Note: does not clear the private key if null is provided
    * @param encPrivateKey An encrypted private key
    */
-  setPrivateKey: (encPrivateKey: string) => Promise<void>;
+  abstract setPrivateKey(encPrivateKey: string): Promise<void>;
   /**
    * Returns the private key from memory. If not available, decrypts it
    * from storage and stores it in memory
    * @returns The user's private key
    */
-  getPrivateKey: () => Promise<Uint8Array>;
+  abstract getPrivateKey(): Promise<Uint8Array>;
   /**
    * Generates a fingerprint phrase for the user based on their public key
    * @param fingerprintMaterial Fingerprint material
    * @param publicKey The user's public key
    * @returns The user's fingerprint phrase
    */
-  getFingerprint: (fingerprintMaterial: string, publicKey?: Uint8Array) => Promise<string[]>;
+  abstract getFingerprint(fingerprintMaterial: string, publicKey?: Uint8Array): Promise<string[]>;
   /**
    * Generates a new keypair
    * @param key A key to encrypt the private key with. If not provided,
    * defaults to the user key
    * @returns A new keypair: [publicKey in Base64, encrypted privateKey]
    */
-  makeKeyPair: (key?: SymmetricCryptoKey) => Promise<[string, EncString]>;
+  abstract makeKeyPair(key?: SymmetricCryptoKey): Promise<[string, EncString]>;
   /**
    * Clears the user's key pair
    * @param memoryOnly Clear only the in-memory keys
    * @param userId The desired user
    */
-  clearKeyPair: (memoryOnly?: boolean, userId?: string) => Promise<void[]>;
+  abstract clearKeyPair(memoryOnly?: boolean, userId?: string): Promise<void[]>;
   /**
    * @param pin The user's pin
    * @param salt The user's salt
@@ -303,14 +317,19 @@ export abstract class CryptoService {
    * @param kdfConfig The user's kdf config
    * @returns A key derived from the user's pin
    */
-  makePinKey: (pin: string, salt: string, kdf: KdfType, kdfConfig: KdfConfig) => Promise<PinKey>;
+  abstract makePinKey(
+    pin: string,
+    salt: string,
+    kdf: KdfType,
+    kdfConfig: KdfConfig,
+  ): Promise<PinKey>;
   /**
    * Clears the user's pin keys from storage
    * Note: This will remove the stored pin and as a result,
    * disable pin protection for the user
    * @param userId The desired user
    */
-  clearPinKeys: (userId?: string) => Promise<void>;
+  abstract clearPinKeys(userId?: string): Promise<void>;
   /**
    * Decrypts the user key with their pin
    * @param pin The user's PIN
@@ -321,13 +340,13 @@ export abstract class CryptoService {
    * it will be retrieved from storage
    * @returns The decrypted user key
    */
-  decryptUserKeyWithPin: (
+  abstract decryptUserKeyWithPin(
     pin: string,
     salt: string,
     kdf: KdfType,
     kdfConfig: KdfConfig,
     protectedKeyCs?: EncString,
-  ) => Promise<UserKey>;
+  ): Promise<UserKey>;
   /**
    * Creates a new Pin key that encrypts the user key instead of the
    * master key. Clears the old Pin key from state.
@@ -340,55 +359,55 @@ export abstract class CryptoService {
    * places depending on if Master Password on Restart was enabled)
    * @returns The user key
    */
-  decryptAndMigrateOldPinKey: (
+  abstract decryptAndMigrateOldPinKey(
     masterPasswordOnRestart: boolean,
     pin: string,
     email: string,
     kdf: KdfType,
     kdfConfig: KdfConfig,
     oldPinKey: EncString,
-  ) => Promise<UserKey>;
+  ): Promise<UserKey>;
   /**
    * Replaces old master auto keys with new user auto keys
    */
-  migrateAutoKeyIfNeeded: (userId?: string) => Promise<void>;
+  abstract migrateAutoKeyIfNeeded(userId?: string): Promise<void>;
   /**
    * @param keyMaterial The key material to derive the send key from
    * @returns A new send key
    */
-  makeSendKey: (keyMaterial: Uint8Array) => Promise<SymmetricCryptoKey>;
+  abstract makeSendKey(keyMaterial: Uint8Array): Promise<SymmetricCryptoKey>;
   /**
    * Clears all of the user's keys from storage
    * @param userId The user's Id
    */
-  clearKeys: (userId?: string) => Promise<any>;
+  abstract clearKeys(userId?: string): Promise<any>;
   /**
    * RSA encrypts a value.
    * @param data The data to encrypt
    * @param publicKey The public key to use for encryption, if not provided, the user's public key will be used
    * @returns The encrypted data
    */
-  rsaEncrypt: (data: Uint8Array, publicKey?: Uint8Array) => Promise<EncString>;
+  abstract rsaEncrypt(data: Uint8Array, publicKey?: Uint8Array): Promise<EncString>;
   /**
    * Decrypts a value using RSA.
    * @param encValue The encrypted value to decrypt
    * @param privateKeyValue The private key to use for decryption
    * @returns The decrypted value
    */
-  rsaDecrypt: (encValue: string, privateKeyValue?: Uint8Array) => Promise<Uint8Array>;
-  randomNumber: (min: number, max: number) => Promise<number>;
+  abstract rsaDecrypt(encValue: string, privateKeyValue?: Uint8Array): Promise<Uint8Array>;
+  abstract randomNumber(min: number, max: number): Promise<number>;
   /**
    * Generates a new cipher key
    * @returns A new cipher key
    */
-  makeCipherKey: () => Promise<CipherKey>;
+  abstract makeCipherKey(): Promise<CipherKey>;
 
   /**
    * Initialize all necessary crypto keys needed for a new account.
    * Warning! This completely replaces any existing keys!
    * @returns The user's newly created  public key, private key, and encrypted private key
    */
-  initAccount: () => Promise<{
+  abstract initAccount(): Promise<{
     userKey: UserKey;
     publicKey: string;
     privateKey: EncString;
@@ -400,18 +419,18 @@ export abstract class CryptoService {
    * @remarks
    * Should always be called before updating a users KDF config.
    */
-  validateKdfConfig: (kdf: KdfType, kdfConfig: KdfConfig) => void;
+  abstract validateKdfConfig(kdf: KdfType, kdfConfig: KdfConfig): void;
 
   /**
    * @deprecated Left for migration purposes. Use decryptUserKeyWithPin instead.
    */
-  decryptMasterKeyWithPin: (
+  abstract decryptMasterKeyWithPin(
     pin: string,
     salt: string,
     kdf: KdfType,
     kdfConfig: KdfConfig,
     protectedKeyCs?: EncString,
-  ) => Promise<MasterKey>;
+  ): Promise<MasterKey>;
   /**
    * Previously, the master key was used for any additional key like the biometrics or pin key.
    * We have switched to using the user key for these purposes. This method is for clearing the state
@@ -419,30 +438,36 @@ export abstract class CryptoService {
    * @param keySuffix The desired type of key to clear
    * @param userId The desired user
    */
-  clearDeprecatedKeys: (keySuffix: KeySuffixOptions, userId?: string) => Promise<void>;
+  abstract clearDeprecatedKeys(keySuffix: KeySuffixOptions, userId?: string): Promise<void>;
   /**
    * @deprecated July 25 2022: Get the key you need from CryptoService (getKeyForUserEncryption or getOrgKey)
    * and then call encryptService.encrypt
    */
-  encrypt: (plainValue: string | Uint8Array, key?: SymmetricCryptoKey) => Promise<EncString>;
+  abstract encrypt(plainValue: string | Uint8Array, key?: SymmetricCryptoKey): Promise<EncString>;
   /**
    * @deprecated July 25 2022: Get the key you need from CryptoService (getKeyForUserEncryption or getOrgKey)
    * and then call encryptService.encryptToBytes
    */
-  encryptToBytes: (plainValue: Uint8Array, key?: SymmetricCryptoKey) => Promise<EncArrayBuffer>;
+  abstract encryptToBytes(
+    plainValue: Uint8Array,
+    key?: SymmetricCryptoKey,
+  ): Promise<EncArrayBuffer>;
   /**
    * @deprecated July 25 2022: Get the key you need from CryptoService (getKeyForUserEncryption or getOrgKey)
    * and then call encryptService.decryptToBytes
    */
-  decryptToBytes: (encString: EncString, key?: SymmetricCryptoKey) => Promise<Uint8Array>;
+  abstract decryptToBytes(encString: EncString, key?: SymmetricCryptoKey): Promise<Uint8Array>;
   /**
    * @deprecated July 25 2022: Get the key you need from CryptoService (getKeyForUserEncryption or getOrgKey)
    * and then call encryptService.decryptToUtf8
    */
-  decryptToUtf8: (encString: EncString, key?: SymmetricCryptoKey) => Promise<string>;
+  abstract decryptToUtf8(encString: EncString, key?: SymmetricCryptoKey): Promise<string>;
   /**
    * @deprecated July 25 2022: Get the key you need from CryptoService (getKeyForUserEncryption or getOrgKey)
    * and then call encryptService.decryptToBytes
    */
-  decryptFromBytes: (encBuffer: EncArrayBuffer, key: SymmetricCryptoKey) => Promise<Uint8Array>;
+  abstract decryptFromBytes(
+    encBuffer: EncArrayBuffer,
+    key: SymmetricCryptoKey,
+  ): Promise<Uint8Array>;
 }
diff --git a/libs/common/src/platform/abstractions/encrypt.service.ts b/libs/common/src/platform/abstractions/encrypt.service.ts
index a5120e6898..9b4dde3676 100644
--- a/libs/common/src/platform/abstractions/encrypt.service.ts
+++ b/libs/common/src/platform/abstractions/encrypt.service.ts
@@ -7,23 +7,26 @@ import { SymmetricCryptoKey } from "../models/domain/symmetric-crypto-key";
 
 export abstract class EncryptService {
   abstract encrypt(plainValue: string | Uint8Array, key: SymmetricCryptoKey): Promise<EncString>;
-  abstract encryptToBytes: (
+  abstract encryptToBytes(
     plainValue: Uint8Array,
     key?: SymmetricCryptoKey,
-  ) => Promise<EncArrayBuffer>;
-  abstract decryptToUtf8: (encString: EncString, key: SymmetricCryptoKey) => Promise<string>;
-  abstract decryptToBytes: (encThing: Encrypted, key: SymmetricCryptoKey) => Promise<Uint8Array>;
-  abstract rsaEncrypt: (data: Uint8Array, publicKey: Uint8Array) => Promise<EncString>;
-  abstract rsaDecrypt: (data: EncString, privateKey: Uint8Array) => Promise<Uint8Array>;
-  abstract resolveLegacyKey: (key: SymmetricCryptoKey, encThing: Encrypted) => SymmetricCryptoKey;
-  abstract decryptItems: <T extends InitializerMetadata>(
+  ): Promise<EncArrayBuffer>;
+  abstract decryptToUtf8(encString: EncString, key: SymmetricCryptoKey): Promise<string>;
+  abstract decryptToBytes(encThing: Encrypted, key: SymmetricCryptoKey): Promise<Uint8Array>;
+  abstract rsaEncrypt(data: Uint8Array, publicKey: Uint8Array): Promise<EncString>;
+  abstract rsaDecrypt(data: EncString, privateKey: Uint8Array): Promise<Uint8Array>;
+  abstract resolveLegacyKey(key: SymmetricCryptoKey, encThing: Encrypted): SymmetricCryptoKey;
+  abstract decryptItems<T extends InitializerMetadata>(
     items: Decryptable<T>[],
     key: SymmetricCryptoKey,
-  ) => Promise<T[]>;
+  ): Promise<T[]>;
   /**
    * Generates a base64-encoded hash of the given value
    * @param value The value to hash
    * @param algorithm The hashing algorithm to use
    */
-  hash: (value: string | Uint8Array, algorithm: "sha1" | "sha256" | "sha512") => Promise<string>;
+  abstract hash(
+    value: string | Uint8Array,
+    algorithm: "sha1" | "sha256" | "sha512",
+  ): Promise<string>;
 }
diff --git a/libs/common/src/platform/abstractions/environment.service.ts b/libs/common/src/platform/abstractions/environment.service.ts
index 944c1f5133..0293d68903 100644
--- a/libs/common/src/platform/abstractions/environment.service.ts
+++ b/libs/common/src/platform/abstractions/environment.service.ts
@@ -14,64 +14,119 @@ export type Urls = {
   scim?: string;
 };
 
-export type PayPalConfig = {
-  businessId?: string;
-  buttonAction?: string;
-};
-
+/**
+ * A subset of available regions, additional regions can be loaded through configuration.
+ */
 export enum Region {
   US = "US",
   EU = "EU",
   SelfHosted = "Self-hosted",
 }
 
-export enum RegionDomain {
-  US = "bitwarden.com",
-  EU = "bitwarden.eu",
-  USQA = "bitwarden.pw",
+/**
+ * The possible cloud regions.
+ */
+export type CloudRegion = Exclude<Region, Region.SelfHosted>;
+
+export type RegionConfig = {
+  // Beware this isn't completely true, it's actually a string for custom environments,
+  // which are currently only supported in web where it doesn't matter.
+  key: Region;
+  domain: string;
+  urls: Urls;
+};
+
+/**
+ * The Environment interface represents a server environment.
+ *
+ * It provides methods to retrieve the URLs of the different services.
+ */
+export interface Environment {
+  /**
+   * Retrieve the current region.
+   */
+  getRegion(): Region;
+  /**
+   * Retrieve the urls, should only be used when configuring the environment.
+   */
+  getUrls(): Urls;
+
+  /**
+   * Identify if the region is a cloud environment.
+   *
+   * @returns true if the environment is a cloud environment, false otherwise.
+   */
+  isCloud(): boolean;
+
+  getApiUrl(): string;
+  getEventsUrl(): string;
+  getIconsUrl(): string;
+  getIdentityUrl(): string;
+
+  /**
+   * @deprecated This is currently only used by the CLI. This functionality should be extracted since
+   * the CLI relies on changing environment mid-login.
+   *
+   * @remarks
+   * Expect this to be null unless the CLI has explicitly set it during the login flow.
+   */
+  getKeyConnectorUrl(): string | null;
+  getNotificationsUrl(): string;
+  getScimUrl(): string;
+  getSendUrl(): string;
+  getWebVaultUrl(): string;
+
+  /**
+   * Get a friendly hostname for the environment.
+   *
+   * - For self-hosted this is the web vault url without protocol prefix.
+   * - For cloud environments it's the domain key.
+   */
+  getHostname(): string;
+
+  // Not sure why we provide this, evaluate if we can remove it.
+  hasBaseUrl(): boolean;
 }
 
+/**
+ * The environment service. Provides access to set the current environment urls and region.
+ */
 export abstract class EnvironmentService {
-  urls: Observable<void>;
-  usUrls: Urls;
-  euUrls: Urls;
-  selectedRegion?: Region;
-  initialized = true;
+  abstract environment$: Observable<Environment>;
+  abstract cloudWebVaultUrl$: Observable<string>;
 
-  hasBaseUrl: () => boolean;
-  getNotificationsUrl: () => string;
-  getWebVaultUrl: () => string;
   /**
-   * Retrieves the URL of the cloud web vault app.
+   * Retrieve all the available regions for environment selectors.
    *
-   * @returns {string} The URL of the cloud web vault app.
-   * @remarks Use this method only in views exclusive to self-host instances.
+   * This currently relies on compile time provided constants, and will not change at runtime.
+   * Expect all builds to include production environments, QA builds to also include QA
+   * environments and dev builds to include localhost.
    */
-  getCloudWebVaultUrl: () => string;
+  abstract availableRegions(): RegionConfig[];
+
+  /**
+   * Set the global environment.
+   */
+  abstract setEnvironment(region: Region, urls?: Urls): Promise<Urls>;
+
+  /**
+   * Seed the environment state for a given user based on the global environment.
+   *
+   * @remarks
+   * Expected to be called only by the StateService when adding a new account.
+   */
+  abstract seedUserEnvironment(userId: UserId): Promise<void>;
+
   /**
    * Sets the URL of the cloud web vault app based on the region parameter.
    *
-   * @param {Region} region - The region of the cloud web vault app.
+   * @param userId - The user id to set the cloud web vault app URL for. If null or undefined the global environment is set.
+   * @param region - The region of the cloud web vault app.
    */
-  setCloudWebVaultUrl: (region: Region) => void;
+  abstract setCloudRegion(userId: UserId, region: Region): Promise<void>;
 
   /**
-   * Seed the environment for a given user based on the globally set defaults.
+   * Get the environment from state. Useful if you need to get the environment for another user.
    */
-  seedUserEnvironment: (userId: UserId) => Promise<void>;
-
-  getSendUrl: () => string;
-  getIconsUrl: () => string;
-  getApiUrl: () => string;
-  getIdentityUrl: () => string;
-  getEventsUrl: () => string;
-  getKeyConnectorUrl: () => string;
-  getScimUrl: () => string;
-  setUrlsFromStorage: () => Promise<void>;
-  setUrls: (urls: Urls) => Promise<Urls>;
-  getHost: (userId?: string) => Promise<string>;
-  setRegion: (region: Region) => Promise<void>;
-  getUrls: () => Urls;
-  isCloud: () => boolean;
-  isEmpty: () => boolean;
+  abstract getEnvironment(userId?: string): Promise<Environment | undefined>;
 }
diff --git a/libs/common/src/platform/abstractions/file-download/file-download.service.ts b/libs/common/src/platform/abstractions/file-download/file-download.service.ts
index 44d082d72b..8bb70483eb 100644
--- a/libs/common/src/platform/abstractions/file-download/file-download.service.ts
+++ b/libs/common/src/platform/abstractions/file-download/file-download.service.ts
@@ -1,5 +1,5 @@
 import { FileDownloadRequest } from "./file-download.request";
 
 export abstract class FileDownloadService {
-  download: (request: FileDownloadRequest) => void;
+  abstract download(request: FileDownloadRequest): void;
 }
diff --git a/libs/common/src/platform/abstractions/file-upload/file-upload.service.ts b/libs/common/src/platform/abstractions/file-upload/file-upload.service.ts
index e6a323817c..5f26a66620 100644
--- a/libs/common/src/platform/abstractions/file-upload/file-upload.service.ts
+++ b/libs/common/src/platform/abstractions/file-upload/file-upload.service.ts
@@ -3,12 +3,12 @@ import { EncArrayBuffer } from "../../models/domain/enc-array-buffer";
 import { EncString } from "../../models/domain/enc-string";
 
 export abstract class FileUploadService {
-  upload: (
+  abstract upload(
     uploadData: { url: string; fileUploadType: FileUploadType },
     fileName: EncString,
     encryptedFileData: EncArrayBuffer,
     fileUploadMethods: FileUploadApiMethods,
-  ) => Promise<void>;
+  ): Promise<void>;
 }
 
 export type FileUploadApiMethods = {
diff --git a/libs/common/src/platform/abstractions/i18n.service.ts b/libs/common/src/platform/abstractions/i18n.service.ts
index 7b6eb9edc8..a1b44d956a 100644
--- a/libs/common/src/platform/abstractions/i18n.service.ts
+++ b/libs/common/src/platform/abstractions/i18n.service.ts
@@ -3,8 +3,8 @@ import { Observable } from "rxjs";
 import { TranslationService } from "./translation.service";
 
 export abstract class I18nService extends TranslationService {
-  userSetLocale$: Observable<string | undefined>;
-  locale$: Observable<string>;
+  abstract userSetLocale$: Observable<string | undefined>;
+  abstract locale$: Observable<string>;
   abstract setLocale(locale: string): Promise<void>;
   abstract init(): Promise<void>;
 }
diff --git a/libs/common/src/platform/abstractions/key-generation.service.ts b/libs/common/src/platform/abstractions/key-generation.service.ts
index a015182f89..223eb75038 100644
--- a/libs/common/src/platform/abstractions/key-generation.service.ts
+++ b/libs/common/src/platform/abstractions/key-generation.service.ts
@@ -11,7 +11,7 @@ export abstract class KeyGenerationService {
    * 512 bits = 64 bytes
    * @returns Generated key.
    */
-  createKey: (bitLength: 256 | 512) => Promise<SymmetricCryptoKey>;
+  abstract createKey(bitLength: 256 | 512): Promise<SymmetricCryptoKey>;
   /**
    * Generates key material from CSPRNG and derives a 64 byte key from it.
    * Uses HKDF, see {@link https://datatracker.ietf.org/doc/html/rfc5869 RFC 5869}
@@ -22,11 +22,11 @@ export abstract class KeyGenerationService {
    * @param salt Optional. If not provided will be generated from CSPRNG.
    * @returns An object containing the salt, key material, and derived key.
    */
-  createKeyWithPurpose: (
+  abstract createKeyWithPurpose(
     bitLength: 128 | 192 | 256 | 512,
     purpose: string,
     salt?: string,
-  ) => Promise<{ salt: string; material: CsprngArray; derivedKey: SymmetricCryptoKey }>;
+  ): Promise<{ salt: string; material: CsprngArray; derivedKey: SymmetricCryptoKey }>;
   /**
    * Derives a 64 byte key from key material.
    * @remark The key material should be generated from {@link createKey}, or {@link createKeyWithPurpose}.
@@ -37,11 +37,11 @@ export abstract class KeyGenerationService {
    * Different purposes results in different keys, even with the same material.
    * @returns 64 byte derived key.
    */
-  deriveKeyFromMaterial: (
+  abstract deriveKeyFromMaterial(
     material: CsprngArray,
     salt: string,
     purpose: string,
-  ) => Promise<SymmetricCryptoKey>;
+  ): Promise<SymmetricCryptoKey>;
   /**
    * Derives a 32 byte key from a password using a key derivation function.
    * @param password Password to derive the key from.
@@ -50,10 +50,10 @@ export abstract class KeyGenerationService {
    * @param kdfConfig Configuration for the key derivation function.
    * @returns 32 byte derived key.
    */
-  deriveKeyFromPassword: (
+  abstract deriveKeyFromPassword(
     password: string | Uint8Array,
     salt: string | Uint8Array,
     kdf: KdfType,
     kdfConfig: KdfConfig,
-  ) => Promise<SymmetricCryptoKey>;
+  ): Promise<SymmetricCryptoKey>;
 }
diff --git a/libs/common/src/platform/abstractions/log.service.ts b/libs/common/src/platform/abstractions/log.service.ts
index 17db597687..dffa3ca8d3 100644
--- a/libs/common/src/platform/abstractions/log.service.ts
+++ b/libs/common/src/platform/abstractions/log.service.ts
@@ -1,9 +1,9 @@
 import { LogLevelType } from "../enums/log-level-type.enum";
 
 export abstract class LogService {
-  debug: (message: string) => void;
-  info: (message: string) => void;
-  warning: (message: string) => void;
-  error: (message: string) => void;
-  write: (level: LogLevelType, message: string) => void;
+  abstract debug(message: string): void;
+  abstract info(message: string): void;
+  abstract warning(message: string): void;
+  abstract error(message: string): void;
+  abstract write(level: LogLevelType, message: string): void;
 }
diff --git a/libs/common/src/platform/abstractions/messaging.service.ts b/libs/common/src/platform/abstractions/messaging.service.ts
index 7c5f05f919..ab4332c283 100644
--- a/libs/common/src/platform/abstractions/messaging.service.ts
+++ b/libs/common/src/platform/abstractions/messaging.service.ts
@@ -1,3 +1,3 @@
 export abstract class MessagingService {
-  send: (subscriber: string, arg?: any) => void;
+  abstract send(subscriber: string, arg?: any): void;
 }
diff --git a/libs/common/src/platform/abstractions/platform-utils.service.ts b/libs/common/src/platform/abstractions/platform-utils.service.ts
index 0053b7d1d7..d518a17f7b 100644
--- a/libs/common/src/platform/abstractions/platform-utils.service.ts
+++ b/libs/common/src/platform/abstractions/platform-utils.service.ts
@@ -12,34 +12,34 @@ export type ClipboardOptions = {
 };
 
 export abstract class PlatformUtilsService {
-  getDevice: () => DeviceType;
-  getDeviceString: () => string;
-  getClientType: () => ClientType;
-  isFirefox: () => boolean;
-  isChrome: () => boolean;
-  isEdge: () => boolean;
-  isOpera: () => boolean;
-  isVivaldi: () => boolean;
-  isSafari: () => boolean;
-  isMacAppStore: () => boolean;
-  isViewOpen: () => Promise<boolean>;
-  launchUri: (uri: string, options?: any) => void;
-  getApplicationVersion: () => Promise<string>;
-  getApplicationVersionNumber: () => Promise<string>;
-  supportsWebAuthn: (win: Window) => boolean;
-  supportsDuo: () => boolean;
-  showToast: (
+  abstract getDevice(): DeviceType;
+  abstract getDeviceString(): string;
+  abstract getClientType(): ClientType;
+  abstract isFirefox(): boolean;
+  abstract isChrome(): boolean;
+  abstract isEdge(): boolean;
+  abstract isOpera(): boolean;
+  abstract isVivaldi(): boolean;
+  abstract isSafari(): boolean;
+  abstract isMacAppStore(): boolean;
+  abstract isViewOpen(): Promise<boolean>;
+  abstract launchUri(uri: string, options?: any): void;
+  abstract getApplicationVersion(): Promise<string>;
+  abstract getApplicationVersionNumber(): Promise<string>;
+  abstract supportsWebAuthn(win: Window): boolean;
+  abstract supportsDuo(): boolean;
+  abstract showToast(
     type: "error" | "success" | "warning" | "info",
     title: string,
     text: string | string[],
     options?: ToastOptions,
-  ) => void;
-  isDev: () => boolean;
-  isSelfHost: () => boolean;
-  copyToClipboard: (text: string, options?: ClipboardOptions) => void | boolean;
-  readFromClipboard: () => Promise<string>;
-  supportsBiometric: () => Promise<boolean>;
-  authenticateBiometric: () => Promise<boolean>;
-  supportsSecureStorage: () => boolean;
-  getAutofillKeyboardShortcut: () => Promise<string>;
+  ): void;
+  abstract isDev(): boolean;
+  abstract isSelfHost(): boolean;
+  abstract copyToClipboard(text: string, options?: ClipboardOptions): void | boolean;
+  abstract readFromClipboard(): Promise<string>;
+  abstract supportsBiometric(): Promise<boolean>;
+  abstract authenticateBiometric(): Promise<boolean>;
+  abstract supportsSecureStorage(): boolean;
+  abstract getAutofillKeyboardShortcut(): Promise<string>;
 }
diff --git a/libs/common/src/platform/abstractions/state.service.ts b/libs/common/src/platform/abstractions/state.service.ts
index 8d26bf102f..e6346f6a4d 100644
--- a/libs/common/src/platform/abstractions/state.service.ts
+++ b/libs/common/src/platform/abstractions/state.service.ts
@@ -4,17 +4,15 @@ import { AdminAuthRequestStorable } from "../../auth/models/domain/admin-auth-re
 import { ForceSetPasswordReason } from "../../auth/models/domain/force-set-password-reason";
 import { KdfConfig } from "../../auth/models/domain/kdf-config";
 import { BiometricKey } from "../../auth/types/biometric-key";
-import { WindowState } from "../../models/domain/window-state";
 import { GeneratorOptions } from "../../tools/generator/generator-options";
 import { GeneratedPasswordHistory, PasswordGeneratorOptions } from "../../tools/generator/password";
 import { UsernameGeneratorOptions } from "../../tools/generator/username";
 import { SendData } from "../../tools/send/models/data/send.data";
 import { SendView } from "../../tools/send/models/view/send.view";
 import { UserId } from "../../types/guid";
-import { DeviceKey, MasterKey } from "../../types/key";
+import { MasterKey } from "../../types/key";
 import { KdfType } from "../enums";
-import { ServerConfigData } from "../models/data/server-config.data";
-import { Account, AccountDecryptionOptions } from "../models/domain/account";
+import { Account } from "../models/domain/account";
 import { EncString } from "../models/domain/enc-string";
 import { StorageOptions } from "../models/domain/storage-options";
 import { SymmetricCryptoKey } from "../models/domain/symmetric-crypto-key";
@@ -46,12 +44,6 @@ export abstract class StateService<T extends Account = Account> {
   clean: (options?: StorageOptions) => Promise<UserId>;
   init: (initOptions?: InitOptions) => Promise<void>;
 
-  getAlwaysShowDock: (options?: StorageOptions) => Promise<boolean>;
-  setAlwaysShowDock: (value: boolean, options?: StorageOptions) => Promise<void>;
-  getBiometricFingerprintValidated: (options?: StorageOptions) => Promise<boolean>;
-  setBiometricFingerprintValidated: (value: boolean, options?: StorageOptions) => Promise<void>;
-  getConvertAccountToKeyConnector: (options?: StorageOptions) => Promise<boolean>;
-  setConvertAccountToKeyConnector: (value: boolean, options?: StorageOptions) => Promise<void>;
   /**
    * Gets the user's master key
    */
@@ -159,32 +151,17 @@ export abstract class StateService<T extends Account = Account> {
    * @deprecated Do not call this directly, use SendService
    */
   setDecryptedSends: (value: SendView[], options?: StorageOptions) => Promise<void>;
-  getDisableGa: (options?: StorageOptions) => Promise<boolean>;
-  setDisableGa: (value: boolean, options?: StorageOptions) => Promise<void>;
   getDuckDuckGoSharedKey: (options?: StorageOptions) => Promise<string>;
   setDuckDuckGoSharedKey: (value: string, options?: StorageOptions) => Promise<void>;
-  getDeviceKey: (options?: StorageOptions) => Promise<DeviceKey | null>;
-  setDeviceKey: (value: DeviceKey | null, options?: StorageOptions) => Promise<void>;
   getAdminAuthRequest: (options?: StorageOptions) => Promise<AdminAuthRequestStorable | null>;
   setAdminAuthRequest: (
     adminAuthRequest: AdminAuthRequestStorable,
     options?: StorageOptions,
   ) => Promise<void>;
-  getShouldTrustDevice: (options?: StorageOptions) => Promise<boolean | null>;
-  setShouldTrustDevice: (value: boolean, options?: StorageOptions) => Promise<void>;
-  getAccountDecryptionOptions: (
-    options?: StorageOptions,
-  ) => Promise<AccountDecryptionOptions | null>;
-  setAccountDecryptionOptions: (
-    value: AccountDecryptionOptions,
-    options?: StorageOptions,
-  ) => Promise<void>;
   getEmail: (options?: StorageOptions) => Promise<string>;
   setEmail: (value: string, options?: StorageOptions) => Promise<void>;
   getEmailVerified: (options?: StorageOptions) => Promise<boolean>;
   setEmailVerified: (value: boolean, options?: StorageOptions) => Promise<void>;
-  getEnableAlwaysOnTop: (options?: StorageOptions) => Promise<boolean>;
-  setEnableAlwaysOnTop: (value: boolean, options?: StorageOptions) => Promise<void>;
   getEnableBrowserIntegration: (options?: StorageOptions) => Promise<boolean>;
   setEnableBrowserIntegration: (value: boolean, options?: StorageOptions) => Promise<void>;
   getEnableBrowserIntegrationFingerprint: (options?: StorageOptions) => Promise<boolean>;
@@ -192,19 +169,6 @@ export abstract class StateService<T extends Account = Account> {
     value: boolean,
     options?: StorageOptions,
   ) => Promise<void>;
-  getEnableCloseToTray: (options?: StorageOptions) => Promise<boolean>;
-  setEnableCloseToTray: (value: boolean, options?: StorageOptions) => Promise<void>;
-  getEnableDuckDuckGoBrowserIntegration: (options?: StorageOptions) => Promise<boolean>;
-  setEnableDuckDuckGoBrowserIntegration: (
-    value: boolean,
-    options?: StorageOptions,
-  ) => Promise<void>;
-  getEnableMinimizeToTray: (options?: StorageOptions) => Promise<boolean>;
-  setEnableMinimizeToTray: (value: boolean, options?: StorageOptions) => Promise<void>;
-  getEnableStartToTray: (options?: StorageOptions) => Promise<boolean>;
-  setEnableStartToTray: (value: boolean, options?: StorageOptions) => Promise<void>;
-  getEnableTray: (options?: StorageOptions) => Promise<boolean>;
-  setEnableTray: (value: boolean, options?: StorageOptions) => Promise<void>;
   getEncryptedPasswordGenerationHistory: (
     options?: StorageOptions,
   ) => Promise<GeneratedPasswordHistory[]>;
@@ -235,8 +199,6 @@ export abstract class StateService<T extends Account = Account> {
     value: ForceSetPasswordReason,
     options?: StorageOptions,
   ) => Promise<void>;
-  getInstalledVersion: (options?: StorageOptions) => Promise<string>;
-  setInstalledVersion: (value: string, options?: StorageOptions) => Promise<void>;
   getIsAuthenticated: (options?: StorageOptions) => Promise<boolean>;
   getKdfConfig: (options?: StorageOptions) => Promise<KdfConfig>;
   setKdfConfig: (kdfConfig: KdfConfig, options?: StorageOptions) => Promise<void>;
@@ -248,14 +210,8 @@ export abstract class StateService<T extends Account = Account> {
   setLastActive: (value: number, options?: StorageOptions) => Promise<void>;
   getLastSync: (options?: StorageOptions) => Promise<string>;
   setLastSync: (value: string, options?: StorageOptions) => Promise<void>;
-  getLocale: (options?: StorageOptions) => Promise<string>;
-  setLocale: (value: string, options?: StorageOptions) => Promise<void>;
-  getMainWindowSize: (options?: StorageOptions) => Promise<number>;
-  setMainWindowSize: (value: number, options?: StorageOptions) => Promise<void>;
   getMinimizeOnCopyToClipboard: (options?: StorageOptions) => Promise<boolean>;
   setMinimizeOnCopyToClipboard: (value: boolean, options?: StorageOptions) => Promise<void>;
-  getOpenAtLogin: (options?: StorageOptions) => Promise<boolean>;
-  setOpenAtLogin: (value: boolean, options?: StorageOptions) => Promise<void>;
   getOrganizationInvitation: (options?: StorageOptions) => Promise<any>;
   setOrganizationInvitation: (value: any, options?: StorageOptions) => Promise<void>;
   getPasswordGenerationOptions: (options?: StorageOptions) => Promise<PasswordGeneratorOptions>;
@@ -278,29 +234,15 @@ export abstract class StateService<T extends Account = Account> {
    * Sets the user's Pin, encrypted by the user key
    */
   setProtectedPin: (value: string, options?: StorageOptions) => Promise<void>;
-  getRememberedEmail: (options?: StorageOptions) => Promise<string>;
-  setRememberedEmail: (value: string, options?: StorageOptions) => Promise<void>;
   getSecurityStamp: (options?: StorageOptions) => Promise<string>;
   setSecurityStamp: (value: string, options?: StorageOptions) => Promise<void>;
   getUserId: (options?: StorageOptions) => Promise<string>;
-  getUsesKeyConnector: (options?: StorageOptions) => Promise<boolean>;
-  setUsesKeyConnector: (value: boolean, options?: StorageOptions) => Promise<void>;
   getVaultTimeout: (options?: StorageOptions) => Promise<number>;
   setVaultTimeout: (value: number, options?: StorageOptions) => Promise<void>;
   getVaultTimeoutAction: (options?: StorageOptions) => Promise<string>;
   setVaultTimeoutAction: (value: string, options?: StorageOptions) => Promise<void>;
   getApproveLoginRequests: (options?: StorageOptions) => Promise<boolean>;
   setApproveLoginRequests: (value: boolean, options?: StorageOptions) => Promise<void>;
-  getWindow: () => Promise<WindowState>;
-  setWindow: (value: WindowState) => Promise<void>;
-  /**
-   * @deprecated Do not call this directly, use ConfigService
-   */
-  getServerConfig: (options?: StorageOptions) => Promise<ServerConfigData>;
-  /**
-   * @deprecated Do not call this directly, use ConfigService
-   */
-  setServerConfig: (value: ServerConfigData, options?: StorageOptions) => Promise<void>;
   /**
    * fetches string value of URL user tried to navigate to while unauthenticated.
    * @param options Defines the storage options for the URL; Defaults to session Storage.
diff --git a/libs/common/src/platform/abstractions/system.service.ts b/libs/common/src/platform/abstractions/system.service.ts
index 5a7e11f9a1..204e336fbf 100644
--- a/libs/common/src/platform/abstractions/system.service.ts
+++ b/libs/common/src/platform/abstractions/system.service.ts
@@ -1,8 +1,8 @@
 import { AuthService } from "../../auth/abstractions/auth.service";
 
 export abstract class SystemService {
-  startProcessReload: (authService: AuthService) => Promise<void>;
-  cancelProcessReload: () => void;
-  clearClipboard: (clipboardValue: string, timeoutMs?: number) => Promise<void>;
-  clearPendingClipboard: () => Promise<any>;
+  abstract startProcessReload(authService: AuthService): Promise<void>;
+  abstract cancelProcessReload(): void;
+  abstract clearClipboard(clipboardValue: string, timeoutMs?: number): Promise<void>;
+  abstract clearPendingClipboard(): Promise<any>;
 }
diff --git a/libs/common/src/platform/abstractions/translation.service.ts b/libs/common/src/platform/abstractions/translation.service.ts
index 797965038a..8a8faff1d8 100644
--- a/libs/common/src/platform/abstractions/translation.service.ts
+++ b/libs/common/src/platform/abstractions/translation.service.ts
@@ -1,8 +1,8 @@
 export abstract class TranslationService {
-  supportedTranslationLocales: string[];
-  translationLocale: string;
-  collator: Intl.Collator;
-  localeNames: Map<string, string>;
-  t: (id: string, p1?: string | number, p2?: string | number, p3?: string | number) => string;
-  translate: (id: string, p1?: string, p2?: string, p3?: string) => string;
+  abstract supportedTranslationLocales: string[];
+  abstract translationLocale: string;
+  abstract collator: Intl.Collator;
+  abstract localeNames: Map<string, string>;
+  abstract t(id: string, p1?: string | number, p2?: string | number, p3?: string | number): string;
+  abstract translate(id: string, p1?: string, p2?: string, p3?: string): string;
 }
diff --git a/libs/common/src/platform/abstractions/validation.service.ts b/libs/common/src/platform/abstractions/validation.service.ts
index c0985847bf..b5aa71381a 100644
--- a/libs/common/src/platform/abstractions/validation.service.ts
+++ b/libs/common/src/platform/abstractions/validation.service.ts
@@ -1,3 +1,3 @@
 export abstract class ValidationService {
-  showError: (data: any) => string[];
+  abstract showError(data: any): string[];
 }
diff --git a/libs/common/src/platform/biometrics/biometric-state.service.spec.ts b/libs/common/src/platform/biometrics/biometric-state.service.spec.ts
index 716ad627c1..097428e16a 100644
--- a/libs/common/src/platform/biometrics/biometric-state.service.spec.ts
+++ b/libs/common/src/platform/biometrics/biometric-state.service.spec.ts
@@ -1,8 +1,8 @@
 import { firstValueFrom } from "rxjs";
 
-import { makeEncString } from "../../../spec";
-import { mockAccountServiceWith } from "../../../spec/fake-account-service";
-import { FakeSingleUserState } from "../../../spec/fake-state";
+import { makeEncString, trackEmissions } from "../../../spec";
+import { FakeAccountService, mockAccountServiceWith } from "../../../spec/fake-account-service";
+import { FakeGlobalState, FakeSingleUserState } from "../../../spec/fake-state";
 import { FakeStateProvider } from "../../../spec/fake-state-provider";
 import { UserId } from "../../types/guid";
 import { EncryptedString } from "../models/domain/enc-string";
@@ -23,10 +23,11 @@ describe("BiometricStateService", () => {
   const userId = "userId" as UserId;
   const encClientKeyHalf = makeEncString();
   const encryptedClientKeyHalf = encClientKeyHalf.encryptedString;
-  const accountService = mockAccountServiceWith(userId);
+  let accountService: FakeAccountService;
   let stateProvider: FakeStateProvider;
 
   beforeEach(() => {
+    accountService = mockAccountServiceWith(userId);
     stateProvider = new FakeStateProvider(accountService);
 
     sut = new DefaultBiometricStateService(stateProvider);
@@ -145,19 +146,89 @@ describe("BiometricStateService", () => {
   });
 
   describe("setPromptCancelled", () => {
+    let existingState: Record<UserId, boolean>;
+
+    beforeEach(() => {
+      existingState = { ["otherUser" as UserId]: false };
+      stateProvider.global.getFake(PROMPT_CANCELLED).stateSubject.next(existingState);
+    });
+
     test("observable is updated", async () => {
-      await sut.setPromptCancelled();
+      await sut.setUserPromptCancelled();
 
       expect(await firstValueFrom(sut.promptCancelled$)).toBe(true);
     });
 
     it("updates state", async () => {
-      await sut.setPromptCancelled();
+      await sut.setUserPromptCancelled();
 
-      const nextMock = stateProvider.activeUser.getFake(PROMPT_CANCELLED).nextMock;
-      expect(nextMock).toHaveBeenCalledWith([userId, true]);
+      const nextMock = stateProvider.global.getFake(PROMPT_CANCELLED).nextMock;
+      expect(nextMock).toHaveBeenCalledWith({ ...existingState, [userId]: true });
       expect(nextMock).toHaveBeenCalledTimes(1);
     });
+
+    it("throws when called with no active user", async () => {
+      await accountService.switchAccount(null);
+      await expect(sut.setUserPromptCancelled()).rejects.toThrow(
+        "Cannot update biometric prompt cancelled state without an active user",
+      );
+      const nextMock = stateProvider.global.getFake(PROMPT_CANCELLED).nextMock;
+      expect(nextMock).not.toHaveBeenCalled();
+    });
+  });
+
+  describe("resetAllPromptCancelled", () => {
+    it("deletes all prompt cancelled state", async () => {
+      await sut.resetAllPromptCancelled();
+
+      const nextMock = stateProvider.global.getFake(PROMPT_CANCELLED).nextMock;
+      expect(nextMock).toHaveBeenCalledWith(null);
+      expect(nextMock).toHaveBeenCalledTimes(1);
+    });
+
+    it("updates observable to false", async () => {
+      const emissions = trackEmissions(sut.promptCancelled$);
+
+      await sut.setUserPromptCancelled();
+
+      await sut.resetAllPromptCancelled();
+
+      expect(emissions).toEqual([false, true, false]);
+    });
+  });
+
+  describe("resetUserPromptCancelled", () => {
+    let existingState: Record<UserId, boolean>;
+    let state: FakeGlobalState<Record<UserId, boolean>>;
+
+    beforeEach(async () => {
+      await accountService.switchAccount(userId);
+      existingState = { [userId]: true, ["otherUser" as UserId]: false };
+      state = stateProvider.global.getFake(PROMPT_CANCELLED);
+      state.stateSubject.next(existingState);
+    });
+
+    it("deletes specified user prompt cancelled state", async () => {
+      await sut.resetUserPromptCancelled("otherUser" as UserId);
+
+      expect(state.nextMock).toHaveBeenCalledWith({ [userId]: true });
+      expect(state.nextMock).toHaveBeenCalledTimes(1);
+    });
+
+    it("deletes active user when called with no user", async () => {
+      await sut.resetUserPromptCancelled();
+
+      expect(state.nextMock).toHaveBeenCalledWith({ ["otherUser" as UserId]: false });
+      expect(state.nextMock).toHaveBeenCalledTimes(1);
+    });
+
+    it("updates observable to false", async () => {
+      const emissions = trackEmissions(sut.promptCancelled$);
+
+      await sut.resetUserPromptCancelled();
+
+      expect(emissions).toEqual([true, false]);
+    });
   });
 
   describe("setPromptAutomatically", () => {
diff --git a/libs/common/src/platform/biometrics/biometric-state.service.ts b/libs/common/src/platform/biometrics/biometric-state.service.ts
index 2047d137b5..20bba49717 100644
--- a/libs/common/src/platform/biometrics/biometric-state.service.ts
+++ b/libs/common/src/platform/biometrics/biometric-state.service.ts
@@ -1,4 +1,4 @@
-import { Observable, firstValueFrom, map } from "rxjs";
+import { Observable, firstValueFrom, map, combineLatest } from "rxjs";
 
 import { UserId } from "../../types/guid";
 import { EncryptedString, EncString } from "../models/domain/enc-string";
@@ -18,42 +18,42 @@ export abstract class BiometricStateService {
   /**
    * `true` if the currently active user has elected to store a biometric key to unlock their vault.
    */
-  biometricUnlockEnabled$: Observable<boolean>; // used to be biometricUnlock
+  abstract biometricUnlockEnabled$: Observable<boolean>; // used to be biometricUnlock
   /**
    * If the user has elected to require a password on first unlock of an application instance, this key will store the
    * encrypted client key half used to unlock the vault.
    *
    * Tracks the currently active user
    */
-  encryptedClientKeyHalf$: Observable<EncString | undefined>;
+  abstract encryptedClientKeyHalf$: Observable<EncString | undefined>;
   /**
    * whether or not a password is required on first unlock after opening the application
    *
    * tracks the currently active user
    */
-  requirePasswordOnStart$: Observable<boolean>;
+  abstract requirePasswordOnStart$: Observable<boolean>;
   /**
    * Indicates the user has been warned about the security implications of using biometrics and, depending on the OS,
    *
    * tracks the currently active user.
    */
-  dismissedRequirePasswordOnStartCallout$: Observable<boolean>;
+  abstract dismissedRequirePasswordOnStartCallout$: Observable<boolean>;
   /**
    * Whether the user has cancelled the biometric prompt.
    *
    * tracks the currently active user
    */
-  promptCancelled$: Observable<boolean>;
+  abstract promptCancelled$: Observable<boolean>;
   /**
    * Whether the user has elected to automatically prompt for biometrics.
    *
    * tracks the currently active user
    */
-  promptAutomatically$: Observable<boolean>;
+  abstract promptAutomatically$: Observable<boolean>;
   /**
    * Whether or not IPC fingerprint has been validated by the user this session.
    */
-  fingerprintValidated$: Observable<boolean>;
+  abstract fingerprintValidated$: Observable<boolean>;
 
   /**
    * Updates the require password on start state for the currently active user.
@@ -81,13 +81,18 @@ export abstract class BiometricStateService {
    */
   abstract setDismissedRequirePasswordOnStartCallout(): Promise<void>;
   /**
-   * Updates the active user's state to reflect that they've cancelled the biometric prompt this lock.
+   * Updates the active user's state to reflect that they've cancelled the biometric prompt.
    */
-  abstract setPromptCancelled(): Promise<void>;
+  abstract setUserPromptCancelled(): Promise<void>;
   /**
-   * Resets the active user's state to reflect that they haven't cancelled the biometric prompt this lock.
+   * Resets the given user's state to reflect that they haven't cancelled the biometric prompt.
+   * @param userId the user to reset the prompt cancelled state for. If not provided, the currently active user will be used.
    */
-  abstract resetPromptCancelled(): Promise<void>;
+  abstract resetUserPromptCancelled(userId?: UserId): Promise<void>;
+  /**
+   * Resets all user's state to reflect that they haven't cancelled the biometric prompt.
+   */
+  abstract resetAllPromptCancelled(): Promise<void>;
   /**
    * Updates the currently active user's setting for auto prompting for biometrics on application start and lock
    * @param prompt Whether or not to prompt for biometrics on application start.
@@ -107,7 +112,7 @@ export class DefaultBiometricStateService implements BiometricStateService {
   private requirePasswordOnStartState: ActiveUserState<boolean>;
   private encryptedClientKeyHalfState: ActiveUserState<EncryptedString | undefined>;
   private dismissedRequirePasswordOnStartCalloutState: ActiveUserState<boolean>;
-  private promptCancelledState: ActiveUserState<boolean>;
+  private promptCancelledState: GlobalState<Record<UserId, boolean>>;
   private promptAutomaticallyState: ActiveUserState<boolean>;
   private fingerprintValidatedState: GlobalState<boolean>;
   biometricUnlockEnabled$: Observable<boolean>;
@@ -138,8 +143,15 @@ export class DefaultBiometricStateService implements BiometricStateService {
     this.dismissedRequirePasswordOnStartCallout$ =
       this.dismissedRequirePasswordOnStartCalloutState.state$.pipe(map(Boolean));
 
-    this.promptCancelledState = this.stateProvider.getActive(PROMPT_CANCELLED);
-    this.promptCancelled$ = this.promptCancelledState.state$.pipe(map(Boolean));
+    this.promptCancelledState = this.stateProvider.getGlobal(PROMPT_CANCELLED);
+    this.promptCancelled$ = combineLatest([
+      this.stateProvider.activeUserId$,
+      this.promptCancelledState.state$,
+    ]).pipe(
+      map(([userId, record]) => {
+        return record?.[userId] ?? false;
+      }),
+    );
     this.promptAutomaticallyState = this.stateProvider.getActive(PROMPT_AUTOMATICALLY);
     this.promptAutomatically$ = this.promptAutomaticallyState.state$.pipe(map(Boolean));
 
@@ -202,7 +214,7 @@ export class DefaultBiometricStateService implements BiometricStateService {
 
   async logout(userId: UserId): Promise<void> {
     await this.stateProvider.getUser(userId, ENCRYPTED_CLIENT_KEY_HALF).update(() => null);
-    await this.stateProvider.getUser(userId, PROMPT_CANCELLED).update(() => null);
+    await this.resetUserPromptCancelled(userId);
     // Persist auto prompt setting through logout
     // Persist dismissed require password on start callout through logout
   }
@@ -211,11 +223,41 @@ export class DefaultBiometricStateService implements BiometricStateService {
     await this.dismissedRequirePasswordOnStartCalloutState.update(() => true);
   }
 
-  async setPromptCancelled(): Promise<void> {
-    await this.promptCancelledState.update(() => true);
+  async resetUserPromptCancelled(userId: UserId): Promise<void> {
+    await this.stateProvider.getGlobal(PROMPT_CANCELLED).update(
+      (data, activeUserId) => {
+        delete data[userId ?? activeUserId];
+        return data;
+      },
+      {
+        combineLatestWith: this.stateProvider.activeUserId$,
+        shouldUpdate: (data, activeUserId) => data?.[userId ?? activeUserId] != null,
+      },
+    );
   }
 
-  async resetPromptCancelled(): Promise<void> {
+  async setUserPromptCancelled(): Promise<void> {
+    await this.promptCancelledState.update(
+      (record, userId) => {
+        record ??= {};
+        record[userId] = true;
+        return record;
+      },
+      {
+        combineLatestWith: this.stateProvider.activeUserId$,
+        shouldUpdate: (_, userId) => {
+          if (userId == null) {
+            throw new Error(
+              "Cannot update biometric prompt cancelled state without an active user",
+            );
+          }
+          return true;
+        },
+      },
+    );
+  }
+
+  async resetAllPromptCancelled(): Promise<void> {
     await this.promptCancelledState.update(() => null);
   }
 
diff --git a/libs/common/src/platform/biometrics/biometric.state.spec.ts b/libs/common/src/platform/biometrics/biometric.state.spec.ts
index a3b110c77c..420a0fb86e 100644
--- a/libs/common/src/platform/biometrics/biometric.state.spec.ts
+++ b/libs/common/src/platform/biometrics/biometric.state.spec.ts
@@ -14,7 +14,7 @@ import {
 describe.each([
   [ENCRYPTED_CLIENT_KEY_HALF, "encryptedClientKeyHalf"],
   [DISMISSED_REQUIRE_PASSWORD_ON_START_CALLOUT, true],
-  [PROMPT_CANCELLED, true],
+  [PROMPT_CANCELLED, { userId1: true, userId2: false }],
   [PROMPT_AUTOMATICALLY, true],
   [REQUIRE_PASSWORD_ON_START, true],
   [BIOMETRIC_UNLOCK_ENABLED, true],
diff --git a/libs/common/src/platform/biometrics/biometric.state.ts b/libs/common/src/platform/biometrics/biometric.state.ts
index a5041ca8d0..aa16e14baa 100644
--- a/libs/common/src/platform/biometrics/biometric.state.ts
+++ b/libs/common/src/platform/biometrics/biometric.state.ts
@@ -1,3 +1,4 @@
+import { UserId } from "../../types/guid";
 import { EncryptedString } from "../models/domain/enc-string";
 import { KeyDefinition, BIOMETRIC_SETTINGS_DISK } from "../state";
 
@@ -56,7 +57,7 @@ export const DISMISSED_REQUIRE_PASSWORD_ON_START_CALLOUT = new KeyDefinition<boo
  * Stores whether the user has elected to cancel the biometric prompt. This is stored on disk due to process-reload
  * wiping memory state. We don't want to prompt the user again if they've elected to cancel.
  */
-export const PROMPT_CANCELLED = new KeyDefinition<boolean>(
+export const PROMPT_CANCELLED = KeyDefinition.record<boolean, UserId>(
   BIOMETRIC_SETTINGS_DISK,
   "promptCancelled",
   {
diff --git a/libs/common/src/platform/models/domain/account-keys.spec.ts b/libs/common/src/platform/models/domain/account-keys.spec.ts
index 7041acc5ba..4a96da1b48 100644
--- a/libs/common/src/platform/models/domain/account-keys.spec.ts
+++ b/libs/common/src/platform/models/domain/account-keys.spec.ts
@@ -1,6 +1,4 @@
 import { makeStaticByteArray } from "../../../../spec";
-import { CsprngArray } from "../../../types/csprng";
-import { DeviceKey } from "../../../types/key";
 import { Utils } from "../../misc/utils";
 
 import { AccountKeys, EncryptionPair } from "./account";
@@ -24,23 +22,6 @@ describe("AccountKeys", () => {
       const json = JSON.stringify(keys);
       expect(json).toContain('"publicKey":"hello"');
     });
-
-    // As the accountKeys.toJSON doesn't really serialize the device key
-    // this method just checks the persistence of the deviceKey
-    it("should persist deviceKey", () => {
-      // Arrange
-      const accountKeys = new AccountKeys();
-      const deviceKeyBytesLength = 64;
-      accountKeys.deviceKey = new SymmetricCryptoKey(
-        new Uint8Array(deviceKeyBytesLength).buffer as CsprngArray,
-      ) as DeviceKey;
-
-      // Act
-      const serializedKeys = accountKeys.toJSON();
-
-      // Assert
-      expect(serializedKeys.deviceKey).toEqual(accountKeys.deviceKey);
-    });
   });
 
   describe("fromJSON", () => {
@@ -64,24 +45,5 @@ describe("AccountKeys", () => {
       } as any);
       expect(spy).toHaveBeenCalled();
     });
-
-    it("should deserialize deviceKey", () => {
-      // Arrange
-      const expectedKeyB64 =
-        "ZJNnhx9BbJeb2EAq1hlMjqt6GFsg9G/GzoFf6SbPKsaiMhKGDcbHcwcyEg56Lh8lfilpZz4SRM6UA7oFCg+lSg==";
-
-      const symmetricCryptoKeyFromJsonSpy = jest.spyOn(SymmetricCryptoKey, "fromJSON");
-
-      // Act
-      const accountKeys = AccountKeys.fromJSON({
-        deviceKey: {
-          keyB64: expectedKeyB64,
-        },
-      } as any);
-
-      // Assert
-      expect(symmetricCryptoKeyFromJsonSpy).toHaveBeenCalled();
-      expect(accountKeys.deviceKey.keyB64).toEqual(expectedKeyB64);
-    });
   });
 });
diff --git a/libs/common/src/platform/models/domain/account.ts b/libs/common/src/platform/models/domain/account.ts
index 460ce25c15..798a60600a 100644
--- a/libs/common/src/platform/models/domain/account.ts
+++ b/libs/common/src/platform/models/domain/account.ts
@@ -2,9 +2,6 @@ import { Jsonify } from "type-fest";
 
 import { AdminAuthRequestStorable } from "../../../auth/models/domain/admin-auth-req-storable";
 import { ForceSetPasswordReason } from "../../../auth/models/domain/force-set-password-reason";
-import { KeyConnectorUserDecryptionOption } from "../../../auth/models/domain/user-decryption-options/key-connector-user-decryption-option";
-import { TrustedDeviceUserDecryptionOption } from "../../../auth/models/domain/user-decryption-options/trusted-device-user-decryption-option";
-import { IdentityTokenResponse } from "../../../auth/models/response/identity-token.response";
 import { UriMatchStrategySetting } from "../../../models/domain/domain-service";
 import { GeneratorOptions } from "../../../tools/generator/generator-options";
 import {
@@ -21,7 +18,6 @@ import { CipherView } from "../../../vault/models/view/cipher.view";
 import { AddEditCipherInfo } from "../../../vault/types/add-edit-cipher-info";
 import { KdfType } from "../../enums";
 import { Utils } from "../../misc/utils";
-import { ServerConfigData } from "../../models/data/server-config.data";
 
 import { EncryptedString, EncString } from "./enc-string";
 import { SymmetricCryptoKey } from "./symmetric-crypto-key";
@@ -69,13 +65,6 @@ export class DataEncryptionPair<TEncrypted, TDecrypted> {
   decrypted?: TDecrypted[];
 }
 
-// This is a temporary structure to handle migrated `DataEncryptionPair` to
-//  avoid needing a data migration at this stage. It should be replaced with
-//  proper data migrations when `DataEncryptionPair` is deprecated.
-export class TemporaryDataEncryption<TEncrypted> {
-  encrypted?: { [id: string]: TEncrypted };
-}
-
 export class AccountData {
   ciphers?: DataEncryptionPair<CipherData, CipherView> = new DataEncryptionPair<
     CipherData,
@@ -106,7 +95,6 @@ export class AccountData {
 export class AccountKeys {
   masterKey?: MasterKey;
   masterKeyEncryptedUserKey?: string;
-  deviceKey?: ReturnType<SymmetricCryptoKey["toJSON"]>;
   publicKey?: Uint8Array;
 
   /** @deprecated July 2023, left for migration purposes*/
@@ -136,7 +124,6 @@ export class AccountKeys {
     }
     return Object.assign(new AccountKeys(), obj, {
       masterKey: SymmetricCryptoKey.fromJSON(obj?.masterKey),
-      deviceKey: obj?.deviceKey,
       cryptoMasterKey: SymmetricCryptoKey.fromJSON(obj?.cryptoMasterKey),
       cryptoSymmetricKey: EncryptionPair.fromJSON(
         obj?.cryptoSymmetricKey,
@@ -162,7 +149,6 @@ export class AccountKeys {
 }
 
 export class AccountProfile {
-  convertAccountToKeyConnector?: boolean;
   name?: string;
   email?: string;
   emailVerified?: boolean;
@@ -170,7 +156,6 @@ export class AccountProfile {
   forceSetPasswordReason?: ForceSetPasswordReason;
   lastSync?: string;
   userId?: string;
-  usesKeyConnector?: boolean;
   keyHash?: string;
   kdfIterations?: number;
   kdfMemory?: number;
@@ -188,9 +173,6 @@ export class AccountProfile {
 
 export class AccountSettings {
   defaultUriMatch?: UriMatchStrategySetting;
-  disableGa?: boolean;
-  enableAlwaysOnTop?: boolean;
-  enableBiometric?: boolean;
   minimizeOnCopyToClipboard?: boolean;
   passwordGenerationOptions?: PasswordGeneratorOptions;
   usernameGenerationOptions?: UsernameGeneratorOptions;
@@ -200,10 +182,7 @@ export class AccountSettings {
   protectedPin?: string;
   vaultTimeout?: number;
   vaultTimeoutAction?: string = "lock";
-  serverConfig?: ServerConfigData;
   approveLoginRequests?: boolean;
-  avatarColor?: string;
-  trustDeviceChoiceForDecryption?: boolean;
 
   /** @deprecated July 2023, left for migration purposes*/
   pinProtected?: EncryptionPair<string, EncString> = new EncryptionPair<string, EncString>();
@@ -218,7 +197,6 @@ export class AccountSettings {
         obj?.pinProtected,
         EncString.fromJSON,
       ),
-      serverConfig: ServerConfigData.fromJSON(obj?.serverConfig),
     });
   }
 }
@@ -235,103 +213,12 @@ export class AccountTokens {
   }
 }
 
-export class AccountDecryptionOptions {
-  hasMasterPassword: boolean;
-  trustedDeviceOption?: TrustedDeviceUserDecryptionOption;
-  keyConnectorOption?: KeyConnectorUserDecryptionOption;
-
-  constructor(init?: Partial<AccountDecryptionOptions>) {
-    if (init) {
-      Object.assign(this, init);
-    }
-  }
-
-  // TODO: these nice getters don't work because the Account object is not properly being deserialized out of
-  // JSON (the Account static fromJSON method is not running) so these getters don't exist on the
-  // account decryptions options object when pulled out of state.  This is a bug that needs to be fixed later on
-  // get hasTrustedDeviceOption(): boolean {
-  //   return this.trustedDeviceOption !== null && this.trustedDeviceOption !== undefined;
-  // }
-
-  // get hasKeyConnectorOption(): boolean {
-  //   return this.keyConnectorOption !== null && this.keyConnectorOption !== undefined;
-  // }
-
-  static fromResponse(response: IdentityTokenResponse): AccountDecryptionOptions {
-    if (response == null) {
-      return null;
-    }
-
-    const accountDecryptionOptions = new AccountDecryptionOptions();
-
-    if (response.userDecryptionOptions) {
-      // If the response has userDecryptionOptions, this means it's on a post-TDE server version and can interrogate
-      // the new decryption options.
-      const responseOptions = response.userDecryptionOptions;
-      accountDecryptionOptions.hasMasterPassword = responseOptions.hasMasterPassword;
-
-      if (responseOptions.trustedDeviceOption) {
-        accountDecryptionOptions.trustedDeviceOption = new TrustedDeviceUserDecryptionOption(
-          responseOptions.trustedDeviceOption.hasAdminApproval,
-          responseOptions.trustedDeviceOption.hasLoginApprovingDevice,
-          responseOptions.trustedDeviceOption.hasManageResetPasswordPermission,
-        );
-      }
-
-      if (responseOptions.keyConnectorOption) {
-        accountDecryptionOptions.keyConnectorOption = new KeyConnectorUserDecryptionOption(
-          responseOptions.keyConnectorOption.keyConnectorUrl,
-        );
-      }
-    } else {
-      // If the response does not have userDecryptionOptions, this means it's on a pre-TDE server version and so
-      // we must base our decryption options on the presence of the keyConnectorUrl.
-      // Note that the presence of keyConnectorUrl implies that the user does not have a master password, as in pre-TDE
-      // server versions, a master password short-circuited the addition of the keyConnectorUrl to the response.
-      // TODO: remove this check after 2023.10 release (https://bitwarden.atlassian.net/browse/PM-3537)
-      const usingKeyConnector = response.keyConnectorUrl != null;
-      accountDecryptionOptions.hasMasterPassword = !usingKeyConnector;
-      if (usingKeyConnector) {
-        accountDecryptionOptions.keyConnectorOption = new KeyConnectorUserDecryptionOption(
-          response.keyConnectorUrl,
-        );
-      }
-    }
-    return accountDecryptionOptions;
-  }
-
-  static fromJSON(obj: Jsonify<AccountDecryptionOptions>): AccountDecryptionOptions {
-    if (obj == null) {
-      return null;
-    }
-
-    const accountDecryptionOptions = Object.assign(new AccountDecryptionOptions(), obj);
-
-    if (obj.trustedDeviceOption) {
-      accountDecryptionOptions.trustedDeviceOption = new TrustedDeviceUserDecryptionOption(
-        obj.trustedDeviceOption.hasAdminApproval,
-        obj.trustedDeviceOption.hasLoginApprovingDevice,
-        obj.trustedDeviceOption.hasManageResetPasswordPermission,
-      );
-    }
-
-    if (obj.keyConnectorOption) {
-      accountDecryptionOptions.keyConnectorOption = new KeyConnectorUserDecryptionOption(
-        obj.keyConnectorOption.keyConnectorUrl,
-      );
-    }
-
-    return accountDecryptionOptions;
-  }
-}
-
 export class Account {
   data?: AccountData = new AccountData();
   keys?: AccountKeys = new AccountKeys();
   profile?: AccountProfile = new AccountProfile();
   settings?: AccountSettings = new AccountSettings();
   tokens?: AccountTokens = new AccountTokens();
-  decryptionOptions?: AccountDecryptionOptions = new AccountDecryptionOptions();
   adminAuthRequest?: Jsonify<AdminAuthRequestStorable> = null;
 
   constructor(init: Partial<Account>) {
@@ -356,10 +243,6 @@ export class Account {
         ...new AccountTokens(),
         ...init?.tokens,
       },
-      decryptionOptions: {
-        ...new AccountDecryptionOptions(),
-        ...init?.decryptionOptions,
-      },
       adminAuthRequest: init?.adminAuthRequest,
     });
   }
@@ -375,7 +258,6 @@ export class Account {
       profile: AccountProfile.fromJSON(json?.profile),
       settings: AccountSettings.fromJSON(json?.settings),
       tokens: AccountTokens.fromJSON(json?.tokens),
-      decryptionOptions: AccountDecryptionOptions.fromJSON(json?.decryptionOptions),
       adminAuthRequest: AdminAuthRequestStorable.fromJSON(json?.adminAuthRequest),
     });
   }
diff --git a/libs/common/src/platform/models/domain/global-state.ts b/libs/common/src/platform/models/domain/global-state.ts
index b27bac3bd4..cb9e3f71b3 100644
--- a/libs/common/src/platform/models/domain/global-state.ts
+++ b/libs/common/src/platform/models/domain/global-state.ts
@@ -1,28 +1,8 @@
-import { WindowState } from "../../../models/domain/window-state";
-import { ThemeType } from "../../enums";
-
 export class GlobalState {
-  enableAlwaysOnTop?: boolean;
-  installedVersion?: string;
-  locale?: string;
   organizationInvitation?: any;
-  rememberedEmail?: string;
-  theme?: ThemeType = ThemeType.System;
-  window?: WindowState = new WindowState();
-  twoFactorToken?: string;
-  biometricFingerprintValidated?: boolean;
   vaultTimeout?: number;
   vaultTimeoutAction?: string;
-  loginRedirect?: any;
-  mainWindowSize?: number;
-  enableTray?: boolean;
-  enableMinimizeToTray?: boolean;
-  enableCloseToTray?: boolean;
-  enableStartToTray?: boolean;
-  openAtLogin?: boolean;
-  alwaysShowDock?: boolean;
   enableBrowserIntegration?: boolean;
   enableBrowserIntegrationFingerprint?: boolean;
-  enableDuckDuckGoBrowserIntegration?: boolean;
   deepLinkRedirectUrl?: string;
 }
diff --git a/libs/common/src/platform/services/config/config-api.service.ts b/libs/common/src/platform/services/config/config-api.service.ts
index 702c38f53c..f283410ace 100644
--- a/libs/common/src/platform/services/config/config-api.service.ts
+++ b/libs/common/src/platform/services/config/config-api.service.ts
@@ -1,18 +1,20 @@
 import { ApiService } from "../../../abstractions/api.service";
-import { AuthService } from "../../../auth/abstractions/auth.service";
-import { AuthenticationStatus } from "../../../auth/enums/authentication-status";
+import { TokenService } from "../../../auth/abstractions/token.service";
+import { UserId } from "../../../types/guid";
 import { ConfigApiServiceAbstraction } from "../../abstractions/config/config-api.service.abstraction";
 import { ServerConfigResponse } from "../../models/response/server-config.response";
 
 export class ConfigApiService implements ConfigApiServiceAbstraction {
   constructor(
     private apiService: ApiService,
-    private authService: AuthService,
+    private tokenService: TokenService,
   ) {}
 
-  async get(): Promise<ServerConfigResponse> {
+  async get(userId: UserId | undefined): Promise<ServerConfigResponse> {
+    // Authentication adds extra context to config responses, if the user has an access token, we want to use it
+    // We don't particularly care about ensuring the token is valid and not expired, just that it exists
     const authed: boolean =
-      (await this.authService.getAuthStatus()) !== AuthenticationStatus.LoggedOut;
+      userId == null ? false : (await this.tokenService.getAccessToken(userId)) != null;
 
     const r = await this.apiService.send("GET", "/config", null, authed, true);
     return new ServerConfigResponse(r);
diff --git a/libs/common/src/platform/services/config/config.service.spec.ts b/libs/common/src/platform/services/config/config.service.spec.ts
index 2b09e7e9bf..d643311a26 100644
--- a/libs/common/src/platform/services/config/config.service.spec.ts
+++ b/libs/common/src/platform/services/config/config.service.spec.ts
@@ -1,13 +1,25 @@
-import { MockProxy, mock } from "jest-mock-extended";
-import { ReplaySubject, skip, take } from "rxjs";
+/**
+ * need to update test environment so structuredClone works appropriately
+ * @jest-environment ../../libs/shared/test.environment.ts
+ */
 
-import { AuthService } from "../../../auth/abstractions/auth.service";
-import { AuthenticationStatus } from "../../../auth/enums/authentication-status";
+import { mock } from "jest-mock-extended";
+import { Subject, firstValueFrom, of } from "rxjs";
+
+import {
+  FakeGlobalState,
+  FakeSingleUserState,
+  FakeStateProvider,
+  awaitAsync,
+  mockAccountServiceWith,
+} from "../../../../spec";
+import { subscribeTo } from "../../../../spec/observable-tracker";
+import { UserId } from "../../../types/guid";
 import { ConfigApiServiceAbstraction } from "../../abstractions/config/config-api.service.abstraction";
 import { ServerConfig } from "../../abstractions/config/server-config";
-import { EnvironmentService } from "../../abstractions/environment.service";
+import { Environment, EnvironmentService } from "../../abstractions/environment.service";
 import { LogService } from "../../abstractions/log.service";
-import { StateService } from "../../abstractions/state.service";
+import { Utils } from "../../misc/utils";
 import { ServerConfigData } from "../../models/data/server-config.data";
 import {
   EnvironmentServerConfigResponse,
@@ -15,177 +27,238 @@ import {
   ThirdPartyServerConfigResponse,
 } from "../../models/response/server-config.response";
 
-import { ConfigService } from "./config.service";
+import {
+  ApiUrl,
+  DefaultConfigService,
+  RETRIEVAL_INTERVAL,
+  GLOBAL_SERVER_CONFIGURATIONS,
+  USER_SERVER_CONFIG,
+} from "./default-config.service";
 
 describe("ConfigService", () => {
-  let stateService: MockProxy<StateService>;
-  let configApiService: MockProxy<ConfigApiServiceAbstraction>;
-  let authService: MockProxy<AuthService>;
-  let environmentService: MockProxy<EnvironmentService>;
-  let logService: MockProxy<LogService>;
-
-  let serverResponseCount: number; // increments to track distinct responses received from server
-
-  // Observables will start emitting as soon as this is created, so only create it
-  // after everything is mocked
-  const configServiceFactory = () => {
-    const configService = new ConfigService(
-      stateService,
-      configApiService,
-      authService,
-      environmentService,
-      logService,
-    );
-    configService.init();
-    return configService;
-  };
+  const configApiService = mock<ConfigApiServiceAbstraction>();
+  const environmentService = mock<EnvironmentService>();
+  const logService = mock<LogService>();
+  let stateProvider: FakeStateProvider;
+  let globalState: FakeGlobalState<Record<ApiUrl, ServerConfig>>;
+  let userState: FakeSingleUserState<ServerConfig>;
+  const activeApiUrl = apiUrl(0);
+  const userId = "userId" as UserId;
+  const accountService = mockAccountServiceWith(userId);
+  const tooOld = new Date(Date.now() - 1.1 * RETRIEVAL_INTERVAL);
 
   beforeEach(() => {
-    stateService = mock();
-    configApiService = mock();
-    authService = mock();
-    environmentService = mock();
-    logService = mock();
-
-    environmentService.urls = new ReplaySubject<void>(1);
-
-    serverResponseCount = 1;
-    configApiService.get.mockImplementation(() =>
-      Promise.resolve(serverConfigResponseFactory("server" + serverResponseCount++)),
-    );
-
-    jest.useFakeTimers();
+    stateProvider = new FakeStateProvider(accountService);
+    globalState = stateProvider.global.getFake(GLOBAL_SERVER_CONFIGURATIONS);
+    userState = stateProvider.singleUser.getFake(userId, USER_SERVER_CONFIG);
   });
 
   afterEach(() => {
-    jest.useRealTimers();
+    jest.resetAllMocks();
   });
 
-  it("Uses storage as fallback", (done) => {
-    const storedConfigData = serverConfigDataFactory("storedConfig");
-    stateService.getServerConfig.mockResolvedValueOnce(storedConfigData);
+  describe.each([null, userId])("active user: %s", (activeUserId) => {
+    let sut: DefaultConfigService;
 
-    configApiService.get.mockRejectedValueOnce(new Error("Unable to fetch"));
-
-    const configService = configServiceFactory();
-
-    configService.serverConfig$.pipe(take(1)).subscribe((config) => {
-      expect(config).toEqual(new ServerConfig(storedConfigData));
-      expect(stateService.getServerConfig).toHaveBeenCalledTimes(1);
-      expect(stateService.setServerConfig).not.toHaveBeenCalled();
-      done();
+    beforeAll(async () => {
+      await accountService.switchAccount(activeUserId);
     });
 
-    configService.triggerServerConfigFetch();
-  });
-
-  it("Stream does not error out if fetch fails", (done) => {
-    const storedConfigData = serverConfigDataFactory("storedConfig");
-    stateService.getServerConfig.mockResolvedValueOnce(storedConfigData);
-
-    const configService = configServiceFactory();
-
-    configService.serverConfig$.pipe(skip(1), take(1)).subscribe((config) => {
-      try {
-        expect(config.gitHash).toEqual("server1");
-        done();
-      } catch (e) {
-        done(e);
-      }
-    });
-
-    configApiService.get.mockRejectedValueOnce(new Error("Unable to fetch"));
-    configService.triggerServerConfigFetch();
-
-    configApiService.get.mockResolvedValueOnce(serverConfigResponseFactory("server1"));
-    configService.triggerServerConfigFetch();
-  });
-
-  describe("Fetches config from server", () => {
     beforeEach(() => {
-      stateService.getServerConfig.mockResolvedValueOnce(null);
+      environmentService.environment$ = of(environmentFactory(activeApiUrl));
+      sut = new DefaultConfigService(
+        configApiService,
+        environmentService,
+        logService,
+        stateProvider,
+      );
     });
 
-    it.each<number | jest.DoneCallback>([1, 2, 3])(
-      "after %p hour/s",
-      (hours: number, done: jest.DoneCallback) => {
-        const configService = configServiceFactory();
+    describe("serverConfig$", () => {
+      it.each([{}, null])("handles null stored state", async (globalTestState) => {
+        globalState.stateSubject.next(globalTestState);
+        userState.nextState(null);
+        await expect(firstValueFrom(sut.serverConfig$)).resolves.not.toThrow();
+      });
 
-        // skip previous hours (if any)
-        configService.serverConfig$.pipe(skip(hours - 1), take(1)).subscribe((config) => {
-          try {
-            expect(config.gitHash).toEqual("server" + hours);
-            expect(configApiService.get).toHaveBeenCalledTimes(hours);
-            done();
-          } catch (e) {
-            done(e);
-          }
+      describe.each(["stale", "missing"])("%s config", (configStateDescription) => {
+        const userStored =
+          configStateDescription === "missing"
+            ? null
+            : serverConfigFactory(activeApiUrl + userId, tooOld);
+        const globalStored =
+          configStateDescription === "missing"
+            ? {}
+            : {
+                [activeApiUrl]: serverConfigFactory(activeApiUrl, tooOld),
+              };
+
+        beforeEach(() => {
+          globalState.stateSubject.next(globalStored);
+          userState.nextState(userStored);
         });
 
-        const oneHourInMs = 1000 * 3600;
-        jest.advanceTimersByTime(oneHourInMs * hours + 1);
-      },
-    );
+        // sanity check
+        test("authed and unauthorized state are different", () => {
+          expect(globalStored[activeApiUrl]).not.toEqual(userStored);
+        });
 
-    it("when environment URLs change", (done) => {
-      const configService = configServiceFactory();
+        describe("fail to fetch", () => {
+          beforeEach(() => {
+            configApiService.get.mockRejectedValue(new Error("Unable to fetch"));
+          });
 
-      configService.serverConfig$.pipe(take(1)).subscribe((config) => {
-        try {
-          expect(config.gitHash).toEqual("server1");
-          done();
-        } catch (e) {
-          done(e);
-        }
+          it("uses storage as fallback", async () => {
+            const actual = await firstValueFrom(sut.serverConfig$);
+            expect(actual).toEqual(activeUserId ? userStored : globalStored[activeApiUrl]);
+            expect(configApiService.get).toHaveBeenCalledTimes(1);
+          });
+
+          it("does not error out when fetch fails", async () => {
+            await expect(firstValueFrom(sut.serverConfig$)).resolves.not.toThrow();
+            expect(configApiService.get).toHaveBeenCalledTimes(1);
+          });
+
+          it("logs an error when unable to fetch", async () => {
+            await firstValueFrom(sut.serverConfig$);
+
+            expect(logService.error).toHaveBeenCalledWith(
+              `Unable to fetch ServerConfig from ${activeApiUrl}: Unable to fetch`,
+            );
+          });
+        });
+
+        describe("fetch success", () => {
+          const response = serverConfigResponseFactory();
+          const newConfig = new ServerConfig(new ServerConfigData(response));
+
+          it("should be a new config", async () => {
+            expect(newConfig).not.toEqual(activeUserId ? userStored : globalStored[activeApiUrl]);
+          });
+
+          it("fetches config from server when it's older than an hour", async () => {
+            await firstValueFrom(sut.serverConfig$);
+
+            expect(configApiService.get).toHaveBeenCalledTimes(1);
+          });
+
+          it("returns the updated config", async () => {
+            configApiService.get.mockResolvedValue(response);
+
+            const actual = await firstValueFrom(sut.serverConfig$);
+
+            // This is the time the response is converted to a config
+            expect(actual.utcDate).toAlmostEqual(newConfig.utcDate, 1000);
+            delete actual.utcDate;
+            delete newConfig.utcDate;
+
+            expect(actual).toEqual(newConfig);
+          });
+        });
       });
 
-      (environmentService.urls as ReplaySubject<void>).next();
-    });
+      describe("fresh configuration", () => {
+        const userStored = serverConfigFactory(activeApiUrl + userId);
+        const globalStored = {
+          [activeApiUrl]: serverConfigFactory(activeApiUrl),
+        };
+        beforeEach(() => {
+          globalState.stateSubject.next(globalStored);
+          userState.nextState(userStored);
+        });
+        it("does not fetch from server", async () => {
+          await firstValueFrom(sut.serverConfig$);
 
-    it("when triggerServerConfigFetch() is called", (done) => {
-      const configService = configServiceFactory();
+          expect(configApiService.get).not.toHaveBeenCalled();
+        });
 
-      configService.serverConfig$.pipe(take(1)).subscribe((config) => {
-        try {
-          expect(config.gitHash).toEqual("server1");
-          done();
-        } catch (e) {
-          done(e);
-        }
+        it("uses stored value", async () => {
+          const actual = await firstValueFrom(sut.serverConfig$);
+          expect(actual).toEqual(activeUserId ? userStored : globalStored[activeApiUrl]);
+        });
+
+        it("does not complete after emit", async () => {
+          const emissions = [];
+          const subscription = sut.serverConfig$.subscribe((v) => emissions.push(v));
+          await awaitAsync();
+          expect(emissions.length).toBe(1);
+          expect(subscription.closed).toBe(false);
+        });
       });
-
-      configService.triggerServerConfigFetch();
     });
   });
 
-  it("Saves server config to storage when the user is logged in", (done) => {
-    stateService.getServerConfig.mockResolvedValueOnce(null);
-    authService.getAuthStatus.mockResolvedValue(AuthenticationStatus.Locked);
-    const configService = configServiceFactory();
+  describe("environment change", () => {
+    let sut: DefaultConfigService;
+    let environmentSubject: Subject<Environment>;
 
-    configService.serverConfig$.pipe(take(1)).subscribe(() => {
-      try {
-        expect(stateService.setServerConfig).toHaveBeenCalledWith(
-          expect.objectContaining({ gitHash: "server1" }),
-        );
-        done();
-      } catch (e) {
-        done(e);
-      }
+    beforeAll(async () => {
+      // updating environment with an active account is undefined behavior
+      await accountService.switchAccount(null);
     });
 
-    configService.triggerServerConfigFetch();
+    beforeEach(() => {
+      environmentSubject = new Subject<Environment>();
+      environmentService.environment$ = environmentSubject;
+      sut = new DefaultConfigService(
+        configApiService,
+        environmentService,
+        logService,
+        stateProvider,
+      );
+    });
+
+    describe("serverConfig$", () => {
+      it("emits a new config when the environment changes", async () => {
+        const globalStored = {
+          [apiUrl(0)]: serverConfigFactory(apiUrl(0)),
+          [apiUrl(1)]: serverConfigFactory(apiUrl(1)),
+        };
+        globalState.stateSubject.next(globalStored);
+
+        const spy = subscribeTo(sut.serverConfig$);
+
+        environmentSubject.next(environmentFactory(apiUrl(0)));
+        environmentSubject.next(environmentFactory(apiUrl(1)));
+
+        const expected = [globalStored[apiUrl(0)], globalStored[apiUrl(1)]];
+
+        const actual = await spy.pauseUntilReceived(2);
+        expect(actual.length).toBe(2);
+
+        // validate dates this is done separately because the dates are created when ServerConfig is initialized
+        expect(actual[0].utcDate).toAlmostEqual(expected[0].utcDate, 1000);
+        expect(actual[1].utcDate).toAlmostEqual(expected[1].utcDate, 1000);
+        delete actual[0].utcDate;
+        delete actual[1].utcDate;
+        delete expected[0].utcDate;
+        delete expected[1].utcDate;
+
+        expect(actual).toEqual(expected);
+        spy.unsubscribe();
+      });
+    });
   });
 });
 
-function serverConfigDataFactory(gitHash: string) {
-  return new ServerConfigData(serverConfigResponseFactory(gitHash));
+function apiUrl(count: number) {
+  return `https://api${count}.test.com`;
 }
 
-function serverConfigResponseFactory(gitHash: string) {
+function serverConfigFactory(hash: string, date: Date = new Date()) {
+  const config = new ServerConfig(serverConfigDataFactory(hash));
+  config.utcDate = date;
+  return config;
+}
+
+function serverConfigDataFactory(hash?: string) {
+  return new ServerConfigData(serverConfigResponseFactory(hash));
+}
+
+function serverConfigResponseFactory(hash?: string) {
   return new ServerConfigResponse({
     version: "myConfigVersion",
-    gitHash: gitHash,
+    gitHash: hash ?? Utils.newGuid(), // Use optional git hash to store uniqueness value
     server: new ThirdPartyServerConfigResponse({
       name: "myThirdPartyServer",
       url: "www.example.com",
@@ -200,3 +273,9 @@ function serverConfigResponseFactory(gitHash: string) {
     },
   });
 }
+
+function environmentFactory(apiUrl: string) {
+  return {
+    getApiUrl: () => apiUrl,
+  } as Environment;
+}
diff --git a/libs/common/src/platform/services/config/config.service.ts b/libs/common/src/platform/services/config/config.service.ts
deleted file mode 100644
index 270222d06e..0000000000
--- a/libs/common/src/platform/services/config/config.service.ts
+++ /dev/null
@@ -1,127 +0,0 @@
-import {
-  ReplaySubject,
-  Subject,
-  catchError,
-  concatMap,
-  defer,
-  delayWhen,
-  firstValueFrom,
-  map,
-  merge,
-  timer,
-} from "rxjs";
-import { SemVer } from "semver";
-
-import { AuthService } from "../../../auth/abstractions/auth.service";
-import { AuthenticationStatus } from "../../../auth/enums/authentication-status";
-import { FeatureFlag, FeatureFlagValue } from "../../../enums/feature-flag.enum";
-import { ConfigApiServiceAbstraction } from "../../abstractions/config/config-api.service.abstraction";
-import { ConfigServiceAbstraction } from "../../abstractions/config/config.service.abstraction";
-import { ServerConfig } from "../../abstractions/config/server-config";
-import { EnvironmentService, Region } from "../../abstractions/environment.service";
-import { LogService } from "../../abstractions/log.service";
-import { StateService } from "../../abstractions/state.service";
-import { ServerConfigData } from "../../models/data/server-config.data";
-
-const ONE_HOUR_IN_MILLISECONDS = 1000 * 3600;
-
-export class ConfigService implements ConfigServiceAbstraction {
-  private inited = false;
-
-  protected _serverConfig = new ReplaySubject<ServerConfig | null>(1);
-  serverConfig$ = this._serverConfig.asObservable();
-
-  private _forceFetchConfig = new Subject<void>();
-  protected refreshTimer$ = timer(ONE_HOUR_IN_MILLISECONDS, ONE_HOUR_IN_MILLISECONDS); // after 1 hour, then every hour
-
-  cloudRegion$ = this.serverConfig$.pipe(
-    map((config) => config?.environment?.cloudRegion ?? Region.US),
-  );
-
-  constructor(
-    private stateService: StateService,
-    private configApiService: ConfigApiServiceAbstraction,
-    private authService: AuthService,
-    private environmentService: EnvironmentService,
-    private logService: LogService,
-
-    // Used to avoid duplicate subscriptions, e.g. in browser between the background and popup
-    private subscribe = true,
-  ) {}
-
-  init() {
-    if (!this.subscribe || this.inited) {
-      return;
-    }
-
-    const latestServerConfig$ = defer(() => this.configApiService.get()).pipe(
-      map((response) => new ServerConfigData(response)),
-      delayWhen((data) => this.saveConfig(data)),
-      catchError((e: unknown) => {
-        // fall back to stored ServerConfig (if any)
-        this.logService.error("Unable to fetch ServerConfig: " + (e as Error)?.message);
-        return this.stateService.getServerConfig();
-      }),
-    );
-
-    // If you need to fetch a new config when an event occurs, add an observable that emits on that event here
-    merge(
-      this.refreshTimer$, // an overridable interval
-      this.environmentService.urls, // when environment URLs change (including when app is started)
-      this._forceFetchConfig, // manual
-    )
-      .pipe(
-        concatMap(() => latestServerConfig$),
-        map((data) => (data == null ? null : new ServerConfig(data))),
-      )
-      .subscribe((config) => this._serverConfig.next(config));
-
-    this.inited = true;
-  }
-
-  getFeatureFlag$<T extends FeatureFlagValue>(key: FeatureFlag, defaultValue?: T) {
-    return this.serverConfig$.pipe(
-      map((serverConfig) => {
-        if (serverConfig?.featureStates == null || serverConfig.featureStates[key] == null) {
-          return defaultValue;
-        }
-
-        return serverConfig.featureStates[key] as T;
-      }),
-    );
-  }
-
-  async getFeatureFlag<T extends FeatureFlagValue>(key: FeatureFlag, defaultValue?: T) {
-    return await firstValueFrom(this.getFeatureFlag$(key, defaultValue));
-  }
-
-  triggerServerConfigFetch() {
-    this._forceFetchConfig.next();
-  }
-
-  private async saveConfig(data: ServerConfigData) {
-    if ((await this.authService.getAuthStatus()) === AuthenticationStatus.LoggedOut) {
-      return;
-    }
-
-    await this.stateService.setServerConfig(data);
-    this.environmentService.setCloudWebVaultUrl(data.environment?.cloudRegion);
-  }
-
-  /**
-   * Verifies whether the server version meets the minimum required version
-   * @param minimumRequiredServerVersion The minimum version required
-   * @returns True if the server version is greater than or equal to the minimum required version
-   */
-  checkServerMeetsVersionRequirement$(minimumRequiredServerVersion: SemVer) {
-    return this.serverConfig$.pipe(
-      map((serverConfig) => {
-        if (serverConfig == null) {
-          return false;
-        }
-        const serverVersion = new SemVer(serverConfig.version);
-        return serverVersion.compare(minimumRequiredServerVersion) >= 0;
-      }),
-    );
-  }
-}
diff --git a/libs/common/src/platform/services/config/default-config.service.ts b/libs/common/src/platform/services/config/default-config.service.ts
new file mode 100644
index 0000000000..9532b903d3
--- /dev/null
+++ b/libs/common/src/platform/services/config/default-config.service.ts
@@ -0,0 +1,177 @@
+import {
+  NEVER,
+  Observable,
+  Subject,
+  combineLatest,
+  firstValueFrom,
+  map,
+  mergeWith,
+  of,
+  shareReplay,
+  switchMap,
+  tap,
+} from "rxjs";
+import { SemVer } from "semver";
+
+import { FeatureFlag, FeatureFlagValue } from "../../../enums/feature-flag.enum";
+import { UserId } from "../../../types/guid";
+import { ConfigApiServiceAbstraction } from "../../abstractions/config/config-api.service.abstraction";
+import { ConfigService } from "../../abstractions/config/config.service";
+import { ServerConfig } from "../../abstractions/config/server-config";
+import { EnvironmentService, Region } from "../../abstractions/environment.service";
+import { LogService } from "../../abstractions/log.service";
+import { ServerConfigData } from "../../models/data/server-config.data";
+import { CONFIG_DISK, KeyDefinition, StateProvider, UserKeyDefinition } from "../../state";
+
+export const RETRIEVAL_INTERVAL = 3_600_000; // 1 hour
+
+export type ApiUrl = string;
+
+export const USER_SERVER_CONFIG = new UserKeyDefinition<ServerConfig>(CONFIG_DISK, "serverConfig", {
+  deserializer: (data) => (data == null ? null : ServerConfig.fromJSON(data)),
+  clearOn: ["logout"],
+});
+
+// TODO MDG: When to clean these up?
+export const GLOBAL_SERVER_CONFIGURATIONS = KeyDefinition.record<ServerConfig, ApiUrl>(
+  CONFIG_DISK,
+  "byServer",
+  {
+    deserializer: (data) => (data == null ? null : ServerConfig.fromJSON(data)),
+  },
+);
+
+// FIXME: currently we are limited to api requests for active users. Update to accept a UserId and APIUrl once ApiService supports it.
+export class DefaultConfigService implements ConfigService {
+  private failedFetchFallbackSubject = new Subject<ServerConfig>();
+
+  serverConfig$: Observable<ServerConfig>;
+
+  cloudRegion$: Observable<Region>;
+
+  constructor(
+    private configApiService: ConfigApiServiceAbstraction,
+    private environmentService: EnvironmentService,
+    private logService: LogService,
+    private stateProvider: StateProvider,
+  ) {
+    const apiUrl$ = this.environmentService.environment$.pipe(
+      map((environment) => environment.getApiUrl()),
+    );
+
+    this.serverConfig$ = combineLatest([this.stateProvider.activeUserId$, apiUrl$]).pipe(
+      switchMap(([userId, apiUrl]) => {
+        const config$ =
+          userId == null ? this.globalConfigFor$(apiUrl) : this.userConfigFor$(userId);
+        return config$.pipe(map((config) => [config, userId, apiUrl] as const));
+      }),
+      tap(async (rec) => {
+        const [existingConfig, userId, apiUrl] = rec;
+        // Grab new config if older retrieval interval
+        if (!existingConfig || this.olderThanRetrievalInterval(existingConfig.utcDate)) {
+          await this.renewConfig(existingConfig, userId, apiUrl);
+        }
+      }),
+      switchMap(([existingConfig]) => {
+        // If we needed to fetch, stop this emit, we'll get a new one after update
+        // This is split up with the above tap because we need to return an observable from a failed promise,
+        // which isn't very doable since promises are converted to observables in switchMap
+        if (!existingConfig || this.olderThanRetrievalInterval(existingConfig.utcDate)) {
+          return NEVER;
+        }
+        return of(existingConfig);
+      }),
+      // If fetch fails, we'll emit on this subject to fallback to the existing config
+      mergeWith(this.failedFetchFallbackSubject),
+      shareReplay({ refCount: true, bufferSize: 1 }),
+    );
+
+    this.cloudRegion$ = this.serverConfig$.pipe(
+      map((config) => config?.environment?.cloudRegion ?? Region.US),
+    );
+  }
+  getFeatureFlag$<T extends FeatureFlagValue>(key: FeatureFlag, defaultValue?: T) {
+    return this.serverConfig$.pipe(
+      map((serverConfig) => {
+        if (serverConfig?.featureStates == null || serverConfig.featureStates[key] == null) {
+          return defaultValue;
+        }
+
+        return serverConfig.featureStates[key] as T;
+      }),
+    );
+  }
+
+  async getFeatureFlag<T extends FeatureFlagValue>(key: FeatureFlag, defaultValue?: T) {
+    return await firstValueFrom(this.getFeatureFlag$(key, defaultValue));
+  }
+
+  checkServerMeetsVersionRequirement$(minimumRequiredServerVersion: SemVer) {
+    return this.serverConfig$.pipe(
+      map((serverConfig) => {
+        if (serverConfig == null) {
+          return false;
+        }
+        const serverVersion = new SemVer(serverConfig.version);
+        return serverVersion.compare(minimumRequiredServerVersion) >= 0;
+      }),
+    );
+  }
+
+  async ensureConfigFetched() {
+    // Triggering a retrieval for the given user ensures that the config is less than RETRIEVAL_INTERVAL old
+    await firstValueFrom(this.serverConfig$);
+  }
+
+  private olderThanRetrievalInterval(date: Date) {
+    return new Date().getTime() - date.getTime() > RETRIEVAL_INTERVAL;
+  }
+
+  // Updates the on-disk configuration with a newly retrieved configuration
+  private async renewConfig(
+    existingConfig: ServerConfig,
+    userId: UserId,
+    apiUrl: string,
+  ): Promise<void> {
+    try {
+      const response = await this.configApiService.get(userId);
+      const newConfig = new ServerConfig(new ServerConfigData(response));
+
+      // Update the environment region
+      if (
+        newConfig?.environment?.cloudRegion != null &&
+        existingConfig?.environment?.cloudRegion != newConfig.environment.cloudRegion
+      ) {
+        // Null userId sets global, otherwise sets to the given user
+        await this.environmentService.setCloudRegion(userId, newConfig?.environment?.cloudRegion);
+      }
+
+      if (userId == null) {
+        // update global state with new pulled config
+        await this.stateProvider.getGlobal(GLOBAL_SERVER_CONFIGURATIONS).update((configs) => {
+          return { ...configs, [apiUrl]: newConfig };
+        });
+      } else {
+        // update state with new pulled config
+        await this.stateProvider.setUserState(USER_SERVER_CONFIG, newConfig, userId);
+      }
+    } catch (e) {
+      // mutate error to be handled by catchError
+      this.logService.error(
+        `Unable to fetch ServerConfig from ${apiUrl}: ${(e as Error)?.message}`,
+      );
+      // Emit the existing config
+      this.failedFetchFallbackSubject.next(existingConfig);
+    }
+  }
+
+  private globalConfigFor$(apiUrl: string): Observable<ServerConfig> {
+    return this.stateProvider
+      .getGlobal(GLOBAL_SERVER_CONFIGURATIONS)
+      .state$.pipe(map((configs) => configs?.[apiUrl]));
+  }
+
+  private userConfigFor$(userId: UserId): Observable<ServerConfig> {
+    return this.stateProvider.getUser(userId, USER_SERVER_CONFIG).state$;
+  }
+}
diff --git a/libs/common/src/platform/services/crypto.service.ts b/libs/common/src/platform/services/crypto.service.ts
index 86f7c3798f..dd3c497470 100644
--- a/libs/common/src/platform/services/crypto.service.ts
+++ b/libs/common/src/platform/services/crypto.service.ts
@@ -1,5 +1,5 @@
 import * as bigInt from "big-integer";
-import { Observable, firstValueFrom, map } from "rxjs";
+import { Observable, filter, firstValueFrom, map } from "rxjs";
 
 import { EncryptedOrganizationKeyData } from "../../admin-console/models/data/encrypted-organization-key.data";
 import { ProfileOrganizationResponse } from "../../admin-console/models/response/profile-organization.response";
@@ -100,7 +100,9 @@ export class CryptoService implements CryptoServiceAbstraction {
     // User Asymmetric Key Pair
     this.activeUserEncryptedPrivateKeyState = stateProvider.getActive(USER_ENCRYPTED_PRIVATE_KEY);
     this.activeUserPrivateKeyState = stateProvider.getDerived(
-      this.activeUserEncryptedPrivateKeyState.combinedState$,
+      this.activeUserEncryptedPrivateKeyState.combinedState$.pipe(
+        filter(([_userId, key]) => key != null),
+      ),
       USER_PRIVATE_KEY,
       {
         encryptService: this.encryptService,
@@ -109,7 +111,7 @@ export class CryptoService implements CryptoServiceAbstraction {
     );
     this.activeUserPrivateKey$ = this.activeUserPrivateKeyState.state$; // may be null
     this.activeUserPublicKeyState = stateProvider.getDerived(
-      this.activeUserPrivateKey$,
+      this.activeUserPrivateKey$.pipe(filter((key) => key != null)),
       USER_PUBLIC_KEY,
       {
         cryptoFunctionService: this.cryptoFunctionService,
@@ -122,7 +124,7 @@ export class CryptoService implements CryptoServiceAbstraction {
       USER_ENCRYPTED_ORGANIZATION_KEYS,
     );
     this.activeUserOrgKeysState = stateProvider.getDerived(
-      this.activeUserEncryptedOrgKeysState.state$,
+      this.activeUserEncryptedOrgKeysState.state$.pipe(filter((keys) => keys != null)),
       USER_ORGANIZATION_KEYS,
       { cryptoService: this },
     );
@@ -133,7 +135,7 @@ export class CryptoService implements CryptoServiceAbstraction {
       USER_ENCRYPTED_PROVIDER_KEYS,
     );
     this.activeUserProviderKeysState = stateProvider.getDerived(
-      this.activeUserEncryptedProviderKeysState.state$,
+      this.activeUserEncryptedProviderKeysState.state$.pipe(filter((keys) => keys != null)),
       USER_PROVIDER_KEYS,
       { encryptService: this.encryptService, cryptoService: this },
     );
@@ -158,6 +160,10 @@ export class CryptoService implements CryptoServiceAbstraction {
     await this.setUserKey(key);
   }
 
+  getInMemoryUserKeyFor$(userId: UserId): Observable<UserKey> {
+    return this.stateProvider.getUserState$(USER_KEY, userId);
+  }
+
   async getUserKey(userId?: UserId): Promise<UserKey> {
     let userKey = await firstValueFrom(this.stateProvider.getUserState$(USER_KEY, userId));
     if (userKey) {
diff --git a/libs/common/src/platform/services/default-environment.service.spec.ts b/libs/common/src/platform/services/default-environment.service.spec.ts
new file mode 100644
index 0000000000..66bc1acfda
--- /dev/null
+++ b/libs/common/src/platform/services/default-environment.service.spec.ts
@@ -0,0 +1,418 @@
+import { firstValueFrom } from "rxjs";
+
+import { FakeStateProvider, awaitAsync } from "../../../spec";
+import { FakeAccountService } from "../../../spec/fake-account-service";
+import { AuthenticationStatus } from "../../auth/enums/authentication-status";
+import { UserId } from "../../types/guid";
+import { CloudRegion, Region } from "../abstractions/environment.service";
+
+import {
+  ENVIRONMENT_KEY,
+  DefaultEnvironmentService,
+  EnvironmentUrls,
+} from "./default-environment.service";
+
+// There are a few main states EnvironmentService could be in when first used
+// 1. Not initialized, no active user. Hopefully not to likely but possible
+// 2. Not initialized, with active user. Not likely
+// 3. Initialized, no active user.
+// 4. Initialized, with active user.
+describe("EnvironmentService", () => {
+  let accountService: FakeAccountService;
+  let stateProvider: FakeStateProvider;
+
+  let sut: DefaultEnvironmentService;
+
+  const testUser = "00000000-0000-1000-a000-000000000001" as UserId;
+  const alternateTestUser = "00000000-0000-1000-a000-000000000002" as UserId;
+
+  beforeEach(async () => {
+    accountService = new FakeAccountService({
+      [testUser]: {
+        name: "name",
+        email: "email",
+        status: AuthenticationStatus.Locked,
+      },
+      [alternateTestUser]: {
+        name: "name",
+        email: "email",
+        status: AuthenticationStatus.Locked,
+      },
+    });
+    stateProvider = new FakeStateProvider(accountService);
+
+    sut = new DefaultEnvironmentService(stateProvider, accountService);
+  });
+
+  const switchUser = async (userId: UserId) => {
+    accountService.activeAccountSubject.next({
+      id: userId,
+      email: "test@example.com",
+      name: `Test Name ${userId}`,
+      status: AuthenticationStatus.Unlocked,
+    });
+    await awaitAsync();
+  };
+
+  const setGlobalData = (region: Region, environmentUrls: EnvironmentUrls) => {
+    stateProvider.global.getFake(ENVIRONMENT_KEY).stateSubject.next({
+      region: region,
+      urls: environmentUrls,
+    });
+  };
+
+  const setUserData = (
+    region: Region,
+    environmentUrls: EnvironmentUrls,
+    userId: UserId = testUser,
+  ) => {
+    stateProvider.singleUser.getFake(userId, ENVIRONMENT_KEY).nextState({
+      region: region,
+      urls: environmentUrls,
+    });
+  };
+
+  const REGION_SETUP = [
+    {
+      region: Region.US,
+      expectedUrls: {
+        webVault: "https://vault.bitwarden.com",
+        identity: "https://identity.bitwarden.com",
+        api: "https://api.bitwarden.com",
+        icons: "https://icons.bitwarden.net",
+        notifications: "https://notifications.bitwarden.com",
+        events: "https://events.bitwarden.com",
+        scim: "https://scim.bitwarden.com/v2",
+        send: "https://send.bitwarden.com/#",
+      },
+    },
+    {
+      region: Region.EU,
+      expectedUrls: {
+        webVault: "https://vault.bitwarden.eu",
+        identity: "https://identity.bitwarden.eu",
+        api: "https://api.bitwarden.eu",
+        icons: "https://icons.bitwarden.eu",
+        notifications: "https://notifications.bitwarden.eu",
+        events: "https://events.bitwarden.eu",
+        scim: "https://scim.bitwarden.eu/v2",
+        send: "https://vault.bitwarden.eu/#/send/",
+      },
+    },
+  ];
+
+  describe("with user", () => {
+    it.each(REGION_SETUP)(
+      "sets correct urls for each region %s",
+      async ({ region, expectedUrls }) => {
+        setUserData(region, new EnvironmentUrls());
+        await switchUser(testUser);
+
+        const env = await firstValueFrom(sut.environment$);
+
+        expect(env.hasBaseUrl()).toBe(false);
+        expect(env.getWebVaultUrl()).toBe(expectedUrls.webVault);
+        expect(env.getIdentityUrl()).toBe(expectedUrls.identity);
+        expect(env.getApiUrl()).toBe(expectedUrls.api);
+        expect(env.getIconsUrl()).toBe(expectedUrls.icons);
+        expect(env.getNotificationsUrl()).toBe(expectedUrls.notifications);
+        expect(env.getEventsUrl()).toBe(expectedUrls.events);
+        expect(env.getScimUrl()).toBe(expectedUrls.scim);
+        expect(env.getSendUrl()).toBe(expectedUrls.send);
+        expect(env.getKeyConnectorUrl()).toBe(undefined);
+        expect(env.isCloud()).toBe(true);
+        expect(env.getUrls()).toEqual({
+          base: null,
+          cloudWebVault: undefined,
+          webVault: expectedUrls.webVault,
+          identity: expectedUrls.identity,
+          api: expectedUrls.api,
+          icons: expectedUrls.icons,
+          notifications: expectedUrls.notifications,
+          events: expectedUrls.events,
+          scim: expectedUrls.scim.replace("/v2", ""),
+          keyConnector: undefined,
+        });
+      },
+    );
+
+    it("returns user data", async () => {
+      const globalEnvironmentUrls = new EnvironmentUrls();
+      globalEnvironmentUrls.base = "https://global-url.example.com";
+      setGlobalData(Region.SelfHosted, globalEnvironmentUrls);
+
+      const userEnvironmentUrls = new EnvironmentUrls();
+      userEnvironmentUrls.base = "https://user-url.example.com";
+      setUserData(Region.SelfHosted, userEnvironmentUrls);
+
+      await switchUser(testUser);
+
+      const env = await firstValueFrom(sut.environment$);
+
+      expect(env.getWebVaultUrl()).toBe("https://user-url.example.com");
+      expect(env.getIdentityUrl()).toBe("https://user-url.example.com/identity");
+      expect(env.getApiUrl()).toBe("https://user-url.example.com/api");
+      expect(env.getIconsUrl()).toBe("https://user-url.example.com/icons");
+      expect(env.getNotificationsUrl()).toBe("https://user-url.example.com/notifications");
+      expect(env.getEventsUrl()).toBe("https://user-url.example.com/events");
+      expect(env.getScimUrl()).toBe("https://user-url.example.com/scim/v2");
+      expect(env.getSendUrl()).toBe("https://user-url.example.com/#/send/");
+      expect(env.isCloud()).toBe(false);
+      expect(env.getUrls()).toEqual({
+        base: "https://user-url.example.com",
+        api: null,
+        cloudWebVault: undefined,
+        events: null,
+        icons: null,
+        identity: null,
+        keyConnector: null,
+        notifications: null,
+        scim: null,
+        webVault: null,
+      });
+    });
+  });
+
+  describe("without user", () => {
+    it.each(REGION_SETUP)("gets default urls %s", async ({ region, expectedUrls }) => {
+      setGlobalData(region, new EnvironmentUrls());
+      const env = await firstValueFrom(sut.environment$);
+
+      expect(env.hasBaseUrl()).toBe(false);
+      expect(env.getWebVaultUrl()).toBe(expectedUrls.webVault);
+      expect(env.getIdentityUrl()).toBe(expectedUrls.identity);
+      expect(env.getApiUrl()).toBe(expectedUrls.api);
+      expect(env.getIconsUrl()).toBe(expectedUrls.icons);
+      expect(env.getNotificationsUrl()).toBe(expectedUrls.notifications);
+      expect(env.getEventsUrl()).toBe(expectedUrls.events);
+      expect(env.getScimUrl()).toBe(expectedUrls.scim);
+      expect(env.getSendUrl()).toBe(expectedUrls.send);
+      expect(env.getKeyConnectorUrl()).toBe(undefined);
+      expect(env.isCloud()).toBe(true);
+      expect(env.getUrls()).toEqual({
+        base: null,
+        cloudWebVault: undefined,
+        webVault: expectedUrls.webVault,
+        identity: expectedUrls.identity,
+        api: expectedUrls.api,
+        icons: expectedUrls.icons,
+        notifications: expectedUrls.notifications,
+        events: expectedUrls.events,
+        scim: expectedUrls.scim.replace("/v2", ""),
+        keyConnector: undefined,
+      });
+    });
+
+    it("gets global data", async () => {
+      const globalEnvironmentUrls = new EnvironmentUrls();
+      globalEnvironmentUrls.base = "https://global-url.example.com";
+      globalEnvironmentUrls.keyConnector = "https://global-key-connector.example.com";
+      setGlobalData(Region.SelfHosted, globalEnvironmentUrls);
+
+      const userEnvironmentUrls = new EnvironmentUrls();
+      userEnvironmentUrls.base = "https://user-url.example.com";
+      userEnvironmentUrls.keyConnector = "https://user-key-connector.example.com";
+      setUserData(Region.SelfHosted, userEnvironmentUrls);
+
+      const env = await firstValueFrom(sut.environment$);
+
+      expect(env.getWebVaultUrl()).toBe("https://global-url.example.com");
+      expect(env.getIdentityUrl()).toBe("https://global-url.example.com/identity");
+      expect(env.getApiUrl()).toBe("https://global-url.example.com/api");
+      expect(env.getIconsUrl()).toBe("https://global-url.example.com/icons");
+      expect(env.getNotificationsUrl()).toBe("https://global-url.example.com/notifications");
+      expect(env.getEventsUrl()).toBe("https://global-url.example.com/events");
+      expect(env.getScimUrl()).toBe("https://global-url.example.com/scim/v2");
+      expect(env.getSendUrl()).toBe("https://global-url.example.com/#/send/");
+      expect(env.getKeyConnectorUrl()).toBe("https://global-key-connector.example.com");
+      expect(env.isCloud()).toBe(false);
+      expect(env.getUrls()).toEqual({
+        api: null,
+        base: "https://global-url.example.com",
+        cloudWebVault: undefined,
+        webVault: null,
+        events: null,
+        icons: null,
+        identity: null,
+        keyConnector: "https://global-key-connector.example.com",
+        notifications: null,
+        scim: null,
+      });
+    });
+  });
+
+  describe("setEnvironment", () => {
+    it("self-hosted with base-url", async () => {
+      await sut.setEnvironment(Region.SelfHosted, {
+        base: "base.example.com",
+      });
+      await awaitAsync();
+
+      const env = await firstValueFrom(sut.environment$);
+
+      expect(env.getRegion()).toBe(Region.SelfHosted);
+      expect(env.getUrls()).toEqual({
+        base: "https://base.example.com",
+        api: null,
+        identity: null,
+        webVault: null,
+        icons: null,
+        notifications: null,
+        scim: null,
+        events: null,
+        keyConnector: null,
+      });
+    });
+
+    it("self-hosted and sets all urls", async () => {
+      let env = await firstValueFrom(sut.environment$);
+      expect(env.getScimUrl()).toBe("https://scim.bitwarden.com/v2");
+
+      await sut.setEnvironment(Region.SelfHosted, {
+        base: "base.example.com",
+        api: "api.example.com",
+        identity: "identity.example.com",
+        webVault: "vault.example.com",
+        icons: "icons.example.com",
+        notifications: "notifications.example.com",
+        scim: "scim.example.com",
+      });
+
+      env = await firstValueFrom(sut.environment$);
+
+      expect(env.getRegion()).toBe(Region.SelfHosted);
+      expect(env.getUrls()).toEqual({
+        base: "https://base.example.com",
+        api: "https://api.example.com",
+        identity: "https://identity.example.com",
+        webVault: "https://vault.example.com",
+        icons: "https://icons.example.com",
+        notifications: "https://notifications.example.com",
+        scim: null,
+        events: null,
+        keyConnector: null,
+      });
+      expect(env.getScimUrl()).toBe("https://vault.example.com/scim/v2");
+    });
+
+    it("sets the region", async () => {
+      await sut.setEnvironment(Region.US);
+
+      const data = await firstValueFrom(sut.environment$);
+
+      expect(data.getRegion()).toBe(Region.US);
+    });
+  });
+
+  describe("getEnvironment", () => {
+    it.each([
+      { region: Region.US, expectedHost: "bitwarden.com" },
+      { region: Region.EU, expectedHost: "bitwarden.eu" },
+    ])("gets it from user data if there is an active user", async ({ region, expectedHost }) => {
+      setGlobalData(Region.US, new EnvironmentUrls());
+      setUserData(region, new EnvironmentUrls());
+
+      await switchUser(testUser);
+
+      const env = await sut.getEnvironment();
+      expect(env.getHostname()).toBe(expectedHost);
+    });
+
+    it.each([
+      { region: Region.US, expectedHost: "bitwarden.com" },
+      { region: Region.EU, expectedHost: "bitwarden.eu" },
+    ])("gets it from global data if there is no active user", async ({ region, expectedHost }) => {
+      setGlobalData(region, new EnvironmentUrls());
+      setUserData(Region.US, new EnvironmentUrls());
+
+      const env = await sut.getEnvironment();
+      expect(env.getHostname()).toBe(expectedHost);
+    });
+
+    it.each([
+      { region: Region.US, expectedHost: "bitwarden.com" },
+      { region: Region.EU, expectedHost: "bitwarden.eu" },
+    ])(
+      "gets it from global state if there is no active user even if a user id is passed in.",
+      async ({ region, expectedHost }) => {
+        setGlobalData(region, new EnvironmentUrls());
+        setUserData(Region.US, new EnvironmentUrls());
+
+        const env = await sut.getEnvironment(testUser);
+        expect(env.getHostname()).toBe(expectedHost);
+      },
+    );
+
+    it.each([
+      { region: Region.US, expectedHost: "bitwarden.com" },
+      { region: Region.EU, expectedHost: "bitwarden.eu" },
+    ])(
+      "gets it from the passed in userId if there is any active user: %s",
+      async ({ region, expectedHost }) => {
+        setGlobalData(Region.US, new EnvironmentUrls());
+        setUserData(Region.US, new EnvironmentUrls());
+        setUserData(region, new EnvironmentUrls(), alternateTestUser);
+
+        await switchUser(testUser);
+
+        const env = await sut.getEnvironment(alternateTestUser);
+        expect(env.getHostname()).toBe(expectedHost);
+      },
+    );
+
+    it("gets it from base url saved in self host config", async () => {
+      const globalSelfHostUrls = new EnvironmentUrls();
+      globalSelfHostUrls.base = "https://base.example.com";
+      setGlobalData(Region.SelfHosted, globalSelfHostUrls);
+      setUserData(Region.EU, new EnvironmentUrls());
+
+      const env = await sut.getEnvironment();
+      expect(env.getHostname()).toBe("base.example.com");
+    });
+
+    it("gets it from webVault url saved in self host config", async () => {
+      const globalSelfHostUrls = new EnvironmentUrls();
+      globalSelfHostUrls.webVault = "https://vault.example.com";
+      globalSelfHostUrls.base = "https://base.example.com";
+      setGlobalData(Region.SelfHosted, globalSelfHostUrls);
+      setUserData(Region.EU, new EnvironmentUrls());
+
+      const env = await sut.getEnvironment();
+      expect(env.getHostname()).toBe("vault.example.com");
+    });
+
+    it("gets it from saved self host config from passed in user when there is an active user", async () => {
+      setGlobalData(Region.US, new EnvironmentUrls());
+      setUserData(Region.EU, new EnvironmentUrls());
+
+      const selfHostUserUrls = new EnvironmentUrls();
+      selfHostUserUrls.base = "https://base.example.com";
+      setUserData(Region.SelfHosted, selfHostUserUrls, alternateTestUser);
+
+      await switchUser(testUser);
+
+      const env = await sut.getEnvironment(alternateTestUser);
+      expect(env.getHostname()).toBe("base.example.com");
+    });
+  });
+
+  describe("cloudWebVaultUrl$", () => {
+    it("no extra initialization, returns US vault", async () => {
+      expect(await firstValueFrom(sut.cloudWebVaultUrl$)).toBe("https://vault.bitwarden.com");
+    });
+
+    it.each([
+      { region: Region.US, expectedVault: "https://vault.bitwarden.com" },
+      { region: Region.EU, expectedVault: "https://vault.bitwarden.eu" },
+      { region: Region.SelfHosted, expectedVault: "https://vault.bitwarden.com" },
+    ])(
+      "no extra initialization, returns expected host for each region %s",
+      async ({ region, expectedVault }) => {
+        await switchUser(testUser);
+
+        expect(await sut.setCloudRegion(testUser, region as CloudRegion));
+        expect(await firstValueFrom(sut.cloudWebVaultUrl$)).toBe(expectedVault);
+      },
+    );
+  });
+});
diff --git a/libs/common/src/platform/services/default-environment.service.ts b/libs/common/src/platform/services/default-environment.service.ts
new file mode 100644
index 0000000000..d074ff43f8
--- /dev/null
+++ b/libs/common/src/platform/services/default-environment.service.ts
@@ -0,0 +1,433 @@
+import { distinctUntilChanged, firstValueFrom, map, Observable, switchMap } from "rxjs";
+import { Jsonify } from "type-fest";
+
+import { AccountService } from "../../auth/abstractions/account.service";
+import { UserId } from "../../types/guid";
+import {
+  EnvironmentService,
+  Environment,
+  Region,
+  RegionConfig,
+  Urls,
+  CloudRegion,
+} from "../abstractions/environment.service";
+import { Utils } from "../misc/utils";
+import {
+  ENVIRONMENT_DISK,
+  ENVIRONMENT_MEMORY,
+  GlobalState,
+  KeyDefinition,
+  StateProvider,
+} from "../state";
+
+export class EnvironmentUrls {
+  base: string = null;
+  api: string = null;
+  identity: string = null;
+  icons: string = null;
+  notifications: string = null;
+  events: string = null;
+  webVault: string = null;
+  keyConnector: string = null;
+}
+
+class EnvironmentState {
+  region: Region;
+  urls: EnvironmentUrls;
+
+  static fromJSON(obj: Jsonify<EnvironmentState>): EnvironmentState {
+    return Object.assign(new EnvironmentState(), obj);
+  }
+}
+
+export const ENVIRONMENT_KEY = new KeyDefinition<EnvironmentState>(
+  ENVIRONMENT_DISK,
+  "environment",
+  {
+    deserializer: EnvironmentState.fromJSON,
+  },
+);
+
+export const CLOUD_REGION_KEY = new KeyDefinition<CloudRegion>(ENVIRONMENT_MEMORY, "cloudRegion", {
+  deserializer: (b) => b,
+});
+
+/**
+ * The production regions available for selection.
+ *
+ * In the future we desire to load these urls from the config endpoint.
+ */
+export const PRODUCTION_REGIONS: RegionConfig[] = [
+  {
+    key: Region.US,
+    domain: "bitwarden.com",
+    urls: {
+      base: null,
+      api: "https://api.bitwarden.com",
+      identity: "https://identity.bitwarden.com",
+      icons: "https://icons.bitwarden.net",
+      webVault: "https://vault.bitwarden.com",
+      notifications: "https://notifications.bitwarden.com",
+      events: "https://events.bitwarden.com",
+      scim: "https://scim.bitwarden.com",
+    },
+  },
+  {
+    key: Region.EU,
+    domain: "bitwarden.eu",
+    urls: {
+      base: null,
+      api: "https://api.bitwarden.eu",
+      identity: "https://identity.bitwarden.eu",
+      icons: "https://icons.bitwarden.eu",
+      webVault: "https://vault.bitwarden.eu",
+      notifications: "https://notifications.bitwarden.eu",
+      events: "https://events.bitwarden.eu",
+      scim: "https://scim.bitwarden.eu",
+    },
+  },
+];
+
+/**
+ * The default region when starting the app.
+ */
+const DEFAULT_REGION = Region.US;
+
+/**
+ * The default region configuration.
+ */
+const DEFAULT_REGION_CONFIG = PRODUCTION_REGIONS.find((r) => r.key === DEFAULT_REGION);
+
+export class DefaultEnvironmentService implements EnvironmentService {
+  private globalState: GlobalState<EnvironmentState | null>;
+  private globalCloudRegionState: GlobalState<CloudRegion | null>;
+
+  // We intentionally don't want the helper on account service, we want the null back if there is no active user
+  private activeAccountId$: Observable<UserId | null> = this.accountService.activeAccount$.pipe(
+    map((a) => a?.id),
+  );
+
+  environment$: Observable<Environment>;
+  cloudWebVaultUrl$: Observable<string>;
+
+  constructor(
+    private stateProvider: StateProvider,
+    private accountService: AccountService,
+  ) {
+    this.globalState = this.stateProvider.getGlobal(ENVIRONMENT_KEY);
+    this.globalCloudRegionState = this.stateProvider.getGlobal(CLOUD_REGION_KEY);
+
+    const account$ = this.activeAccountId$.pipe(
+      // Use == here to not trigger on undefined -> null transition
+      distinctUntilChanged((oldUserId: UserId, newUserId: UserId) => oldUserId == newUserId),
+    );
+
+    this.environment$ = account$.pipe(
+      switchMap((userId) => {
+        const t = userId
+          ? this.stateProvider.getUser(userId, ENVIRONMENT_KEY).state$
+          : this.stateProvider.getGlobal(ENVIRONMENT_KEY).state$;
+        return t;
+      }),
+      map((state) => {
+        return this.buildEnvironment(state?.region, state?.urls);
+      }),
+    );
+    this.cloudWebVaultUrl$ = account$.pipe(
+      switchMap((userId) => {
+        const t = userId
+          ? this.stateProvider.getUser(userId, CLOUD_REGION_KEY).state$
+          : this.stateProvider.getGlobal(CLOUD_REGION_KEY).state$;
+        return t;
+      }),
+      map((region) => {
+        if (region != null) {
+          const config = this.getRegionConfig(region);
+
+          if (config != null) {
+            return config.urls.webVault;
+          }
+        }
+        return DEFAULT_REGION_CONFIG.urls.webVault;
+      }),
+    );
+  }
+
+  availableRegions(): RegionConfig[] {
+    const additionalRegions = (process.env.ADDITIONAL_REGIONS as unknown as RegionConfig[]) ?? [];
+    return PRODUCTION_REGIONS.concat(additionalRegions);
+  }
+
+  /**
+   * Get the region configuration for the given region.
+   */
+  private getRegionConfig(region: Region): RegionConfig | undefined {
+    return this.availableRegions().find((r) => r.key === region);
+  }
+
+  async setEnvironment(region: Region, urls?: Urls): Promise<Urls> {
+    // Unknown regions are treated as self-hosted
+    if (this.getRegionConfig(region) == null) {
+      region = Region.SelfHosted;
+    }
+
+    // If self-hosted ensure urls are valid else fallback to default region
+    if (region == Region.SelfHosted && isEmpty(urls)) {
+      region = DEFAULT_REGION;
+    }
+
+    if (region != Region.SelfHosted) {
+      await this.globalState.update(() => ({
+        region: region,
+        urls: null,
+      }));
+
+      return null;
+    } else {
+      // Clean the urls
+      urls.base = formatUrl(urls.base);
+      urls.webVault = formatUrl(urls.webVault);
+      urls.api = formatUrl(urls.api);
+      urls.identity = formatUrl(urls.identity);
+      urls.icons = formatUrl(urls.icons);
+      urls.notifications = formatUrl(urls.notifications);
+      urls.events = formatUrl(urls.events);
+      urls.keyConnector = formatUrl(urls.keyConnector);
+      urls.scim = null;
+
+      await this.globalState.update(() => ({
+        region: region,
+        urls: {
+          base: urls.base,
+          api: urls.api,
+          identity: urls.identity,
+          webVault: urls.webVault,
+          icons: urls.icons,
+          notifications: urls.notifications,
+          events: urls.events,
+          keyConnector: urls.keyConnector,
+        },
+      }));
+
+      return urls;
+    }
+  }
+
+  /**
+   * Helper for building the environment from state. Performs some general sanitization to avoid invalid regions and urls.
+   */
+  protected buildEnvironment(region: Region, urls: Urls) {
+    // Unknown regions are treated as self-hosted
+    if (this.getRegionConfig(region) == null) {
+      region = Region.SelfHosted;
+    }
+
+    // If self-hosted ensure urls are valid else fallback to default region
+    if (region == Region.SelfHosted && isEmpty(urls)) {
+      region = DEFAULT_REGION;
+    }
+
+    // Load urls from region config
+    if (region != Region.SelfHosted) {
+      const regionConfig = this.getRegionConfig(region);
+      if (regionConfig != null) {
+        return new CloudEnvironment(regionConfig);
+      }
+    }
+
+    return new SelfHostedEnvironment(urls);
+  }
+
+  async setCloudRegion(userId: UserId, region: CloudRegion) {
+    if (userId == null) {
+      await this.globalCloudRegionState.update(() => region);
+    } else {
+      await this.stateProvider.getUser(userId, CLOUD_REGION_KEY).update(() => region);
+    }
+  }
+
+  async getEnvironment(userId?: UserId) {
+    if (userId == null) {
+      return await firstValueFrom(this.environment$);
+    }
+
+    const state = await this.getEnvironmentState(userId);
+    return this.buildEnvironment(state.region, state.urls);
+  }
+
+  private async getEnvironmentState(userId: UserId | null) {
+    // Previous rules dictated that we only get from user scoped state if there is an active user.
+    const activeUserId = await firstValueFrom(this.activeAccountId$);
+    return activeUserId == null
+      ? await firstValueFrom(this.globalState.state$)
+      : await firstValueFrom(
+          this.stateProvider.getUser(userId ?? activeUserId, ENVIRONMENT_KEY).state$,
+        );
+  }
+
+  async seedUserEnvironment(userId: UserId) {
+    const global = await firstValueFrom(this.globalState.state$);
+    await this.stateProvider.getUser(userId, ENVIRONMENT_KEY).update(() => global);
+  }
+}
+
+function formatUrl(url: string): string {
+  if (url == null || url === "") {
+    return null;
+  }
+
+  url = url.replace(/\/+$/g, "");
+  if (!url.startsWith("http://") && !url.startsWith("https://")) {
+    url = "https://" + url;
+  }
+
+  return url.trim();
+}
+
+function isEmpty(u?: Urls): boolean {
+  if (u == null) {
+    return true;
+  }
+
+  return (
+    u.base == null &&
+    u.webVault == null &&
+    u.api == null &&
+    u.identity == null &&
+    u.icons == null &&
+    u.notifications == null &&
+    u.events == null
+  );
+}
+
+abstract class UrlEnvironment implements Environment {
+  constructor(
+    protected region: Region,
+    protected urls: Urls,
+  ) {
+    // Scim is always null for self-hosted
+    if (region == Region.SelfHosted) {
+      this.urls.scim = null;
+    }
+  }
+
+  abstract getHostname(): string;
+
+  getRegion() {
+    return this.region;
+  }
+
+  getUrls() {
+    return {
+      base: this.urls.base,
+      webVault: this.urls.webVault,
+      api: this.urls.api,
+      identity: this.urls.identity,
+      icons: this.urls.icons,
+      notifications: this.urls.notifications,
+      events: this.urls.events,
+      keyConnector: this.urls.keyConnector,
+      scim: this.urls.scim,
+    };
+  }
+
+  hasBaseUrl() {
+    return this.urls.base != null;
+  }
+
+  getWebVaultUrl() {
+    return this.getUrl("webVault", "");
+  }
+
+  getApiUrl() {
+    return this.getUrl("api", "/api");
+  }
+
+  getEventsUrl() {
+    return this.getUrl("events", "/events");
+  }
+
+  getIconsUrl() {
+    return this.getUrl("icons", "/icons");
+  }
+
+  getIdentityUrl() {
+    return this.getUrl("identity", "/identity");
+  }
+
+  getKeyConnectorUrl() {
+    return this.urls.keyConnector;
+  }
+
+  getNotificationsUrl() {
+    return this.getUrl("notifications", "/notifications");
+  }
+
+  getScimUrl() {
+    if (this.urls.scim != null) {
+      return this.urls.scim + "/v2";
+    }
+
+    return this.getWebVaultUrl() === "https://vault.bitwarden.com"
+      ? "https://scim.bitwarden.com/v2"
+      : this.getWebVaultUrl() + "/scim/v2";
+  }
+
+  getSendUrl() {
+    return this.getWebVaultUrl() === "https://vault.bitwarden.com"
+      ? "https://send.bitwarden.com/#"
+      : this.getWebVaultUrl() + "/#/send/";
+  }
+
+  /**
+   * Presume that if the region is not self-hosted, it is cloud.
+   */
+  isCloud(): boolean {
+    return this.region !== Region.SelfHosted;
+  }
+
+  /**
+   * Helper for getting an URL.
+   *
+   * @param key Key of the URL to get from URLs
+   * @param baseSuffix Suffix to append to the base URL if the url is not set
+   * @returns
+   */
+  private getUrl(key: keyof Urls, baseSuffix: string) {
+    if (this.urls[key] != null) {
+      return this.urls[key];
+    }
+
+    if (this.urls.base) {
+      return this.urls.base + baseSuffix;
+    }
+
+    return DEFAULT_REGION_CONFIG.urls[key];
+  }
+}
+
+/**
+ * Denote a cloud environment.
+ */
+export class CloudEnvironment extends UrlEnvironment {
+  constructor(private config: RegionConfig) {
+    super(config.key, config.urls);
+  }
+
+  /**
+   * Cloud always returns nice urls, i.e. bitwarden.com instead of vault.bitwarden.com.
+   */
+  getHostname() {
+    return this.config.domain;
+  }
+}
+
+export class SelfHostedEnvironment extends UrlEnvironment {
+  constructor(urls: Urls) {
+    super(Region.SelfHosted, urls);
+  }
+
+  getHostname() {
+    return Utils.getHost(this.getWebVaultUrl());
+  }
+}
diff --git a/libs/common/src/platform/services/environment.service.spec.ts b/libs/common/src/platform/services/environment.service.spec.ts
deleted file mode 100644
index 1454ada724..0000000000
--- a/libs/common/src/platform/services/environment.service.spec.ts
+++ /dev/null
@@ -1,535 +0,0 @@
-import { mock } from "jest-mock-extended";
-import { firstValueFrom, timeout } from "rxjs";
-
-import { awaitAsync } from "../../../spec";
-import { FakeAccountService, mockAccountServiceWith } from "../../../spec/fake-account-service";
-import { FakeStorageService } from "../../../spec/fake-storage.service";
-import { AuthenticationStatus } from "../../auth/enums/authentication-status";
-import { EnvironmentUrls } from "../../auth/models/domain/environment-urls";
-import { UserId } from "../../types/guid";
-import { Region } from "../abstractions/environment.service";
-import { StateProvider } from "../state";
-/* eslint-disable import/no-restricted-paths -- Rare testing need */
-import { DefaultActiveUserStateProvider } from "../state/implementations/default-active-user-state.provider";
-import { DefaultDerivedStateProvider } from "../state/implementations/default-derived-state.provider";
-import { DefaultGlobalStateProvider } from "../state/implementations/default-global-state.provider";
-import { DefaultSingleUserStateProvider } from "../state/implementations/default-single-user-state.provider";
-import { DefaultStateProvider } from "../state/implementations/default-state.provider";
-import { StateEventRegistrarService } from "../state/state-event-registrar.service";
-/* eslint-enable import/no-restricted-paths */
-
-import { EnvironmentService } from "./environment.service";
-import { StorageServiceProvider } from "./storage-service.provider";
-
-// There are a few main states EnvironmentService could be in when first used
-// 1. Not initialized, no active user. Hopefully not to likely but possible
-// 2. Not initialized, with active user. Not likely
-// 3. Initialized, no active user.
-// 4. Initialized, with active user.
-describe("EnvironmentService", () => {
-  let diskStorageService: FakeStorageService;
-  let memoryStorageService: FakeStorageService;
-  let storageServiceProvider: StorageServiceProvider;
-  const stateEventRegistrarService = mock<StateEventRegistrarService>();
-  let accountService: FakeAccountService;
-  let stateProvider: StateProvider;
-
-  let sut: EnvironmentService;
-
-  const testUser = "00000000-0000-1000-a000-000000000001" as UserId;
-  const alternateTestUser = "00000000-0000-1000-a000-000000000002" as UserId;
-
-  beforeEach(async () => {
-    diskStorageService = new FakeStorageService();
-    memoryStorageService = new FakeStorageService();
-    storageServiceProvider = new StorageServiceProvider(diskStorageService, memoryStorageService);
-
-    accountService = mockAccountServiceWith(undefined);
-    const singleUserStateProvider = new DefaultSingleUserStateProvider(
-      storageServiceProvider,
-      stateEventRegistrarService,
-    );
-    stateProvider = new DefaultStateProvider(
-      new DefaultActiveUserStateProvider(accountService, singleUserStateProvider),
-      singleUserStateProvider,
-      new DefaultGlobalStateProvider(storageServiceProvider),
-      new DefaultDerivedStateProvider(memoryStorageService),
-    );
-
-    sut = new EnvironmentService(stateProvider, accountService);
-  });
-
-  const switchUser = async (userId: UserId) => {
-    accountService.activeAccountSubject.next({
-      id: userId,
-      email: "test@example.com",
-      name: `Test Name ${userId}`,
-      status: AuthenticationStatus.Unlocked,
-    });
-    await awaitAsync();
-  };
-
-  const setGlobalData = (region: Region, environmentUrls: EnvironmentUrls) => {
-    const data = diskStorageService.internalStore;
-    data["global_environment_region"] = region;
-    data["global_environment_urls"] = environmentUrls;
-    diskStorageService.internalUpdateStore(data);
-  };
-
-  const getGlobalData = () => {
-    const storage = diskStorageService.internalStore;
-    return {
-      region: storage?.["global_environment_region"],
-      urls: storage?.["global_environment_urls"],
-    };
-  };
-
-  const setUserData = (
-    region: Region,
-    environmentUrls: EnvironmentUrls,
-    userId: UserId = testUser,
-  ) => {
-    const data = diskStorageService.internalStore;
-    data[`user_${userId}_environment_region`] = region;
-    data[`user_${userId}_environment_urls`] = environmentUrls;
-
-    diskStorageService.internalUpdateStore(data);
-  };
-  // END: CAN CHANGE
-
-  const initialize = async (options: { switchUser: boolean }) => {
-    await sut.setUrlsFromStorage();
-    sut.initialized = true;
-
-    if (options.switchUser) {
-      await switchUser(testUser);
-    }
-  };
-
-  const REGION_SETUP = [
-    {
-      region: Region.US,
-      expectedUrls: {
-        webVault: "https://vault.bitwarden.com",
-        identity: "https://identity.bitwarden.com",
-        api: "https://api.bitwarden.com",
-        icons: "https://icons.bitwarden.net",
-        notifications: "https://notifications.bitwarden.com",
-        events: "https://events.bitwarden.com",
-        scim: "https://scim.bitwarden.com/v2",
-        send: "https://send.bitwarden.com/#",
-      },
-    },
-    {
-      region: Region.EU,
-      expectedUrls: {
-        webVault: "https://vault.bitwarden.eu",
-        identity: "https://identity.bitwarden.eu",
-        api: "https://api.bitwarden.eu",
-        icons: "https://icons.bitwarden.eu",
-        notifications: "https://notifications.bitwarden.eu",
-        events: "https://events.bitwarden.eu",
-        scim: "https://scim.bitwarden.eu/v2",
-        send: "https://vault.bitwarden.eu/#/send/",
-      },
-    },
-  ];
-
-  describe("with user", () => {
-    it.each(REGION_SETUP)(
-      "sets correct urls for each region %s",
-      async ({ region, expectedUrls }) => {
-        setUserData(region, new EnvironmentUrls());
-
-        await initialize({ switchUser: true });
-
-        expect(sut.hasBaseUrl()).toBe(false);
-        expect(sut.getWebVaultUrl()).toBe(expectedUrls.webVault);
-        expect(sut.getIdentityUrl()).toBe(expectedUrls.identity);
-        expect(sut.getApiUrl()).toBe(expectedUrls.api);
-        expect(sut.getIconsUrl()).toBe(expectedUrls.icons);
-        expect(sut.getNotificationsUrl()).toBe(expectedUrls.notifications);
-        expect(sut.getEventsUrl()).toBe(expectedUrls.events);
-        expect(sut.getScimUrl()).toBe(expectedUrls.scim);
-        expect(sut.getSendUrl()).toBe(expectedUrls.send);
-        expect(sut.getKeyConnectorUrl()).toBe(null);
-        expect(sut.isCloud()).toBe(true);
-        expect(sut.getUrls()).toEqual({
-          base: null,
-          cloudWebVault: undefined,
-          webVault: expectedUrls.webVault,
-          identity: expectedUrls.identity,
-          api: expectedUrls.api,
-          icons: expectedUrls.icons,
-          notifications: expectedUrls.notifications,
-          events: expectedUrls.events,
-          scim: expectedUrls.scim.replace("/v2", ""),
-          keyConnector: null,
-        });
-      },
-    );
-
-    it("returns user data", async () => {
-      const globalEnvironmentUrls = new EnvironmentUrls();
-      globalEnvironmentUrls.base = "https://global-url.example.com";
-      setGlobalData(Region.SelfHosted, globalEnvironmentUrls);
-
-      const userEnvironmentUrls = new EnvironmentUrls();
-      userEnvironmentUrls.base = "https://user-url.example.com";
-      setUserData(Region.SelfHosted, userEnvironmentUrls);
-
-      await initialize({ switchUser: true });
-
-      expect(sut.getWebVaultUrl()).toBe("https://user-url.example.com");
-      expect(sut.getIdentityUrl()).toBe("https://user-url.example.com/identity");
-      expect(sut.getApiUrl()).toBe("https://user-url.example.com/api");
-      expect(sut.getIconsUrl()).toBe("https://user-url.example.com/icons");
-      expect(sut.getNotificationsUrl()).toBe("https://user-url.example.com/notifications");
-      expect(sut.getEventsUrl()).toBe("https://user-url.example.com/events");
-      expect(sut.getScimUrl()).toBe("https://user-url.example.com/scim/v2");
-      expect(sut.getSendUrl()).toBe("https://user-url.example.com/#/send/");
-      expect(sut.isCloud()).toBe(false);
-      expect(sut.getUrls()).toEqual({
-        base: "https://user-url.example.com",
-        api: null,
-        cloudWebVault: undefined,
-        events: null,
-        icons: null,
-        identity: null,
-        keyConnector: null,
-        notifications: null,
-        scim: null,
-        webVault: null,
-      });
-    });
-  });
-
-  describe("without user", () => {
-    it.each(REGION_SETUP)("gets default urls %s", async ({ region, expectedUrls }) => {
-      setGlobalData(region, new EnvironmentUrls());
-
-      await initialize({ switchUser: false });
-
-      expect(sut.hasBaseUrl()).toBe(false);
-      expect(sut.getWebVaultUrl()).toBe(expectedUrls.webVault);
-      expect(sut.getIdentityUrl()).toBe(expectedUrls.identity);
-      expect(sut.getApiUrl()).toBe(expectedUrls.api);
-      expect(sut.getIconsUrl()).toBe(expectedUrls.icons);
-      expect(sut.getNotificationsUrl()).toBe(expectedUrls.notifications);
-      expect(sut.getEventsUrl()).toBe(expectedUrls.events);
-      expect(sut.getScimUrl()).toBe(expectedUrls.scim);
-      expect(sut.getSendUrl()).toBe(expectedUrls.send);
-      expect(sut.getKeyConnectorUrl()).toBe(null);
-      expect(sut.isCloud()).toBe(true);
-      expect(sut.getUrls()).toEqual({
-        base: null,
-        cloudWebVault: undefined,
-        webVault: expectedUrls.webVault,
-        identity: expectedUrls.identity,
-        api: expectedUrls.api,
-        icons: expectedUrls.icons,
-        notifications: expectedUrls.notifications,
-        events: expectedUrls.events,
-        scim: expectedUrls.scim.replace("/v2", ""),
-        keyConnector: null,
-      });
-    });
-
-    it("gets global data", async () => {
-      const globalEnvironmentUrls = new EnvironmentUrls();
-      globalEnvironmentUrls.base = "https://global-url.example.com";
-      globalEnvironmentUrls.keyConnector = "https://global-key-connector.example.com";
-      setGlobalData(Region.SelfHosted, globalEnvironmentUrls);
-
-      const userEnvironmentUrls = new EnvironmentUrls();
-      userEnvironmentUrls.base = "https://user-url.example.com";
-      userEnvironmentUrls.keyConnector = "https://user-key-connector.example.com";
-      setUserData(Region.SelfHosted, userEnvironmentUrls);
-
-      await initialize({ switchUser: false });
-
-      expect(sut.getWebVaultUrl()).toBe("https://global-url.example.com");
-      expect(sut.getIdentityUrl()).toBe("https://global-url.example.com/identity");
-      expect(sut.getApiUrl()).toBe("https://global-url.example.com/api");
-      expect(sut.getIconsUrl()).toBe("https://global-url.example.com/icons");
-      expect(sut.getNotificationsUrl()).toBe("https://global-url.example.com/notifications");
-      expect(sut.getEventsUrl()).toBe("https://global-url.example.com/events");
-      expect(sut.getScimUrl()).toBe("https://global-url.example.com/scim/v2");
-      expect(sut.getSendUrl()).toBe("https://global-url.example.com/#/send/");
-      expect(sut.getKeyConnectorUrl()).toBe("https://global-key-connector.example.com");
-      expect(sut.isCloud()).toBe(false);
-      expect(sut.getUrls()).toEqual({
-        api: null,
-        base: "https://global-url.example.com",
-        cloudWebVault: undefined,
-        webVault: null,
-        events: null,
-        icons: null,
-        identity: null,
-        keyConnector: "https://global-key-connector.example.com",
-        notifications: null,
-        scim: null,
-      });
-    });
-  });
-
-  it("returns US defaults when not initialized", async () => {
-    setGlobalData(Region.EU, new EnvironmentUrls());
-    setUserData(Region.EU, new EnvironmentUrls());
-
-    expect(sut.initialized).toBe(false);
-
-    expect(sut.hasBaseUrl()).toBe(false);
-    expect(sut.getWebVaultUrl()).toBe("https://vault.bitwarden.com");
-    expect(sut.getIdentityUrl()).toBe("https://identity.bitwarden.com");
-    expect(sut.getApiUrl()).toBe("https://api.bitwarden.com");
-    expect(sut.getIconsUrl()).toBe("https://icons.bitwarden.net");
-    expect(sut.getNotificationsUrl()).toBe("https://notifications.bitwarden.com");
-    expect(sut.getEventsUrl()).toBe("https://events.bitwarden.com");
-    expect(sut.getScimUrl()).toBe("https://scim.bitwarden.com/v2");
-    expect(sut.getKeyConnectorUrl()).toBe(undefined);
-    expect(sut.isCloud()).toBe(true);
-  });
-
-  describe("setUrls", () => {
-    it("set just a base url", async () => {
-      await initialize({ switchUser: true });
-
-      await sut.setUrls({
-        base: "base.example.com",
-      });
-
-      const globalData = getGlobalData();
-      expect(globalData.region).toBe(Region.SelfHosted);
-      expect(globalData.urls).toEqual({
-        base: "https://base.example.com",
-        api: null,
-        identity: null,
-        webVault: null,
-        icons: null,
-        notifications: null,
-        events: null,
-        keyConnector: null,
-      });
-    });
-
-    it("sets all urls", async () => {
-      await initialize({ switchUser: true });
-
-      expect(sut.getScimUrl()).toBe("https://scim.bitwarden.com/v2");
-
-      await sut.setUrls({
-        base: "base.example.com",
-        api: "api.example.com",
-        identity: "identity.example.com",
-        webVault: "vault.example.com",
-        icons: "icons.example.com",
-        notifications: "notifications.example.com",
-        scim: "scim.example.com",
-      });
-
-      const globalData = getGlobalData();
-      expect(globalData.region).toBe(Region.SelfHosted);
-      expect(globalData.urls).toEqual({
-        base: "https://base.example.com",
-        api: "https://api.example.com",
-        identity: "https://identity.example.com",
-        webVault: "https://vault.example.com",
-        icons: "https://icons.example.com",
-        notifications: "https://notifications.example.com",
-        events: null,
-        keyConnector: null,
-      });
-      expect(sut.getScimUrl()).toBe("https://scim.example.com/v2");
-    });
-  });
-
-  describe("setRegion", () => {
-    it("sets the region on the global object even if there is a user.", async () => {
-      setGlobalData(Region.EU, new EnvironmentUrls());
-      setUserData(Region.EU, new EnvironmentUrls());
-
-      await initialize({ switchUser: true });
-
-      await sut.setRegion(Region.US);
-
-      const globalData = getGlobalData();
-      expect(globalData.region).toBe(Region.US);
-    });
-  });
-
-  describe("getHost", () => {
-    it.each([
-      { region: Region.US, expectedHost: "bitwarden.com" },
-      { region: Region.EU, expectedHost: "bitwarden.eu" },
-    ])("gets it from user data if there is an active user", async ({ region, expectedHost }) => {
-      setGlobalData(Region.US, new EnvironmentUrls());
-      setUserData(region, new EnvironmentUrls());
-
-      await initialize({ switchUser: true });
-
-      const host = await sut.getHost();
-      expect(host).toBe(expectedHost);
-    });
-
-    it.each([
-      { region: Region.US, expectedHost: "bitwarden.com" },
-      { region: Region.EU, expectedHost: "bitwarden.eu" },
-    ])("gets it from global data if there is no active user", async ({ region, expectedHost }) => {
-      setGlobalData(region, new EnvironmentUrls());
-      setUserData(Region.US, new EnvironmentUrls());
-
-      await initialize({ switchUser: false });
-
-      const host = await sut.getHost();
-      expect(host).toBe(expectedHost);
-    });
-
-    it.each([
-      { region: Region.US, expectedHost: "bitwarden.com" },
-      { region: Region.EU, expectedHost: "bitwarden.eu" },
-    ])(
-      "gets it from global state if there is no active user even if a user id is passed in.",
-      async ({ region, expectedHost }) => {
-        setGlobalData(region, new EnvironmentUrls());
-        setUserData(Region.US, new EnvironmentUrls());
-
-        await initialize({ switchUser: false });
-
-        const host = await sut.getHost(testUser);
-        expect(host).toBe(expectedHost);
-      },
-    );
-
-    it.each([
-      { region: Region.US, expectedHost: "bitwarden.com" },
-      { region: Region.EU, expectedHost: "bitwarden.eu" },
-    ])(
-      "gets it from the passed in userId if there is any active user: %s",
-      async ({ region, expectedHost }) => {
-        setGlobalData(Region.US, new EnvironmentUrls());
-        setUserData(Region.US, new EnvironmentUrls());
-        setUserData(region, new EnvironmentUrls(), alternateTestUser);
-
-        await initialize({ switchUser: true });
-
-        const host = await sut.getHost(alternateTestUser);
-        expect(host).toBe(expectedHost);
-      },
-    );
-
-    it("gets it from base url saved in self host config", async () => {
-      const globalSelfHostUrls = new EnvironmentUrls();
-      globalSelfHostUrls.base = "https://base.example.com";
-      setGlobalData(Region.SelfHosted, globalSelfHostUrls);
-      setUserData(Region.EU, new EnvironmentUrls());
-
-      await initialize({ switchUser: false });
-
-      const host = await sut.getHost();
-      expect(host).toBe("base.example.com");
-    });
-
-    it("gets it from webVault url saved in self host config", async () => {
-      const globalSelfHostUrls = new EnvironmentUrls();
-      globalSelfHostUrls.webVault = "https://vault.example.com";
-      globalSelfHostUrls.base = "https://base.example.com";
-      setGlobalData(Region.SelfHosted, globalSelfHostUrls);
-      setUserData(Region.EU, new EnvironmentUrls());
-
-      await initialize({ switchUser: false });
-
-      const host = await sut.getHost();
-      expect(host).toBe("vault.example.com");
-    });
-
-    it("gets it from saved self host config from passed in user when there is an active user", async () => {
-      setGlobalData(Region.US, new EnvironmentUrls());
-      setUserData(Region.EU, new EnvironmentUrls());
-
-      const selfHostUserUrls = new EnvironmentUrls();
-      selfHostUserUrls.base = "https://base.example.com";
-      setUserData(Region.SelfHosted, selfHostUserUrls, alternateTestUser);
-
-      await initialize({ switchUser: true });
-
-      const host = await sut.getHost(alternateTestUser);
-      expect(host).toBe("base.example.com");
-    });
-  });
-
-  describe("setUrlsFromStorage", () => {
-    it("will set the global data to Region US if no existing data", async () => {
-      await sut.setUrlsFromStorage();
-
-      expect(sut.getWebVaultUrl()).toBe("https://vault.bitwarden.com");
-
-      const globalData = getGlobalData();
-      expect(globalData.region).toBe(Region.US);
-    });
-
-    it("will set the urls to whatever is in global", async () => {
-      setGlobalData(Region.EU, new EnvironmentUrls());
-
-      await sut.setUrlsFromStorage();
-
-      expect(sut.getWebVaultUrl()).toBe("https://vault.bitwarden.eu");
-    });
-
-    it("recovers from previous bug", async () => {
-      const buggedEnvironmentUrls = new EnvironmentUrls();
-      buggedEnvironmentUrls.base = "https://vault.bitwarden.com";
-      buggedEnvironmentUrls.notifications = null;
-      setGlobalData(null, buggedEnvironmentUrls);
-
-      const urlEmission = firstValueFrom(sut.urls.pipe(timeout(100)));
-
-      await sut.setUrlsFromStorage();
-
-      await urlEmission;
-
-      const globalData = getGlobalData();
-      expect(globalData.region).toBe(Region.US);
-      expect(globalData.urls).toEqual({
-        base: null,
-        api: null,
-        identity: null,
-        events: null,
-        icons: null,
-        notifications: null,
-        keyConnector: null,
-        webVault: null,
-      });
-    });
-
-    it("will get urls from signed in user", async () => {
-      await switchUser(testUser);
-
-      const userUrls = new EnvironmentUrls();
-      userUrls.base = "base.example.com";
-      setUserData(Region.SelfHosted, userUrls);
-
-      await sut.setUrlsFromStorage();
-
-      expect(sut.getWebVaultUrl()).toBe("base.example.com");
-    });
-  });
-
-  describe("getCloudWebVaultUrl", () => {
-    it("no extra initialization, returns US vault", () => {
-      expect(sut.getCloudWebVaultUrl()).toBe("https://vault.bitwarden.com");
-    });
-
-    it.each([
-      { region: Region.US, expectedVault: "https://vault.bitwarden.com" },
-      { region: Region.EU, expectedVault: "https://vault.bitwarden.eu" },
-      { region: Region.SelfHosted, expectedVault: "https://vault.bitwarden.com" },
-    ])(
-      "no extra initialization, returns expected host for each region %s",
-      ({ region, expectedVault }) => {
-        expect(sut.setCloudWebVaultUrl(region));
-        expect(sut.getCloudWebVaultUrl()).toBe(expectedVault);
-      },
-    );
-  });
-});
diff --git a/libs/common/src/platform/services/environment.service.ts b/libs/common/src/platform/services/environment.service.ts
deleted file mode 100644
index ba39ec4025..0000000000
--- a/libs/common/src/platform/services/environment.service.ts
+++ /dev/null
@@ -1,418 +0,0 @@
-import {
-  concatMap,
-  distinctUntilChanged,
-  firstValueFrom,
-  map,
-  Observable,
-  ReplaySubject,
-} from "rxjs";
-
-import { AccountService } from "../../auth/abstractions/account.service";
-import { EnvironmentUrls } from "../../auth/models/domain/environment-urls";
-import { UserId } from "../../types/guid";
-import {
-  EnvironmentService as EnvironmentServiceAbstraction,
-  Region,
-  RegionDomain,
-  Urls,
-} from "../abstractions/environment.service";
-import { Utils } from "../misc/utils";
-import { ENVIRONMENT_DISK, GlobalState, KeyDefinition, StateProvider } from "../state";
-
-const REGION_KEY = new KeyDefinition<Region>(ENVIRONMENT_DISK, "region", {
-  deserializer: (s) => s,
-});
-
-const URLS_KEY = new KeyDefinition<EnvironmentUrls>(ENVIRONMENT_DISK, "urls", {
-  deserializer: EnvironmentUrls.fromJSON,
-});
-
-export class EnvironmentService implements EnvironmentServiceAbstraction {
-  private readonly urlsSubject = new ReplaySubject<void>(1);
-  urls: Observable<void> = this.urlsSubject.asObservable();
-  selectedRegion?: Region;
-  initialized = false;
-
-  protected baseUrl: string;
-  protected webVaultUrl: string;
-  protected apiUrl: string;
-  protected identityUrl: string;
-  protected iconsUrl: string;
-  protected notificationsUrl: string;
-  protected eventsUrl: string;
-  private keyConnectorUrl: string;
-  private scimUrl: string = null;
-  private cloudWebVaultUrl: string;
-
-  private regionGlobalState: GlobalState<Region | null>;
-  private urlsGlobalState: GlobalState<EnvironmentUrls | null>;
-
-  private activeAccountId$: Observable<UserId | null>;
-
-  readonly usUrls: Urls = {
-    base: null,
-    api: "https://api.bitwarden.com",
-    identity: "https://identity.bitwarden.com",
-    icons: "https://icons.bitwarden.net",
-    webVault: "https://vault.bitwarden.com",
-    notifications: "https://notifications.bitwarden.com",
-    events: "https://events.bitwarden.com",
-    scim: "https://scim.bitwarden.com",
-  };
-
-  readonly euUrls: Urls = {
-    base: null,
-    api: "https://api.bitwarden.eu",
-    identity: "https://identity.bitwarden.eu",
-    icons: "https://icons.bitwarden.eu",
-    webVault: "https://vault.bitwarden.eu",
-    notifications: "https://notifications.bitwarden.eu",
-    events: "https://events.bitwarden.eu",
-    scim: "https://scim.bitwarden.eu",
-  };
-
-  constructor(
-    private stateProvider: StateProvider,
-    private accountService: AccountService,
-  ) {
-    // We intentionally don't want the helper on account service, we want the null back if there is no active user
-    this.activeAccountId$ = this.accountService.activeAccount$.pipe(map((a) => a?.id));
-
-    // TODO: Get rid of early subscription during EnvironmentService refactor
-    this.activeAccountId$
-      .pipe(
-        // Use == here to not trigger on undefined -> null transition
-        distinctUntilChanged((oldUserId: string, newUserId: string) => oldUserId == newUserId),
-        concatMap(async () => {
-          if (!this.initialized) {
-            return;
-          }
-          await this.setUrlsFromStorage();
-        }),
-      )
-      .subscribe();
-
-    this.regionGlobalState = this.stateProvider.getGlobal(REGION_KEY);
-    this.urlsGlobalState = this.stateProvider.getGlobal(URLS_KEY);
-  }
-
-  hasBaseUrl() {
-    return this.baseUrl != null;
-  }
-
-  getNotificationsUrl() {
-    if (this.notificationsUrl != null) {
-      return this.notificationsUrl;
-    }
-
-    if (this.baseUrl != null) {
-      return this.baseUrl + "/notifications";
-    }
-
-    return "https://notifications.bitwarden.com";
-  }
-
-  getWebVaultUrl() {
-    if (this.webVaultUrl != null) {
-      return this.webVaultUrl;
-    }
-
-    if (this.baseUrl) {
-      return this.baseUrl;
-    }
-    return "https://vault.bitwarden.com";
-  }
-
-  getCloudWebVaultUrl() {
-    if (this.cloudWebVaultUrl != null) {
-      return this.cloudWebVaultUrl;
-    }
-
-    return this.usUrls.webVault;
-  }
-
-  setCloudWebVaultUrl(region: Region) {
-    switch (region) {
-      case Region.EU:
-        this.cloudWebVaultUrl = this.euUrls.webVault;
-        break;
-      case Region.US:
-      default:
-        this.cloudWebVaultUrl = this.usUrls.webVault;
-        break;
-    }
-  }
-
-  getSendUrl() {
-    return this.getWebVaultUrl() === "https://vault.bitwarden.com"
-      ? "https://send.bitwarden.com/#"
-      : this.getWebVaultUrl() + "/#/send/";
-  }
-
-  getIconsUrl() {
-    if (this.iconsUrl != null) {
-      return this.iconsUrl;
-    }
-
-    if (this.baseUrl) {
-      return this.baseUrl + "/icons";
-    }
-
-    return "https://icons.bitwarden.net";
-  }
-
-  getApiUrl() {
-    if (this.apiUrl != null) {
-      return this.apiUrl;
-    }
-
-    if (this.baseUrl) {
-      return this.baseUrl + "/api";
-    }
-
-    return "https://api.bitwarden.com";
-  }
-
-  getIdentityUrl() {
-    if (this.identityUrl != null) {
-      return this.identityUrl;
-    }
-
-    if (this.baseUrl) {
-      return this.baseUrl + "/identity";
-    }
-
-    return "https://identity.bitwarden.com";
-  }
-
-  getEventsUrl() {
-    if (this.eventsUrl != null) {
-      return this.eventsUrl;
-    }
-
-    if (this.baseUrl) {
-      return this.baseUrl + "/events";
-    }
-
-    return "https://events.bitwarden.com";
-  }
-
-  getKeyConnectorUrl() {
-    return this.keyConnectorUrl;
-  }
-
-  getScimUrl() {
-    if (this.scimUrl != null) {
-      return this.scimUrl + "/v2";
-    }
-
-    return this.getWebVaultUrl() === "https://vault.bitwarden.com"
-      ? "https://scim.bitwarden.com/v2"
-      : this.getWebVaultUrl() + "/scim/v2";
-  }
-
-  async setUrlsFromStorage(): Promise<void> {
-    const activeUserId = await firstValueFrom(this.activeAccountId$);
-
-    const region = await this.getRegion(activeUserId);
-    const savedUrls = await this.getEnvironmentUrls(activeUserId);
-    const envUrls = new EnvironmentUrls();
-
-    // In release `2023.5.0`, we set the `base` property of the environment URLs to the US web vault URL when a user clicked the "US" region.
-    // This check will detect these cases and convert them to the proper region instead.
-    // We are detecting this by checking for the presence of the web vault URL in the `base` and the absence of the `notifications` property.
-    // This is because the `notifications` will not be `null` in the web vault, and we don't want to migrate the URLs in that case.
-    if (savedUrls.base === "https://vault.bitwarden.com" && savedUrls.notifications == null) {
-      await this.setRegion(Region.US);
-      return;
-    }
-
-    switch (region) {
-      case Region.EU:
-        await this.setRegion(Region.EU);
-        return;
-      case Region.US:
-        await this.setRegion(Region.US);
-        return;
-      case Region.SelfHosted:
-      case null:
-      default:
-        this.baseUrl = envUrls.base = savedUrls.base;
-        this.webVaultUrl = savedUrls.webVault;
-        this.apiUrl = envUrls.api = savedUrls.api;
-        this.identityUrl = envUrls.identity = savedUrls.identity;
-        this.iconsUrl = savedUrls.icons;
-        this.notificationsUrl = savedUrls.notifications;
-        this.eventsUrl = envUrls.events = savedUrls.events;
-        this.keyConnectorUrl = savedUrls.keyConnector;
-        await this.setRegion(Region.SelfHosted);
-        // scimUrl is not saved to storage
-        this.urlsSubject.next();
-        break;
-    }
-  }
-
-  async setUrls(urls: Urls): Promise<Urls> {
-    urls.base = this.formatUrl(urls.base);
-    urls.webVault = this.formatUrl(urls.webVault);
-    urls.api = this.formatUrl(urls.api);
-    urls.identity = this.formatUrl(urls.identity);
-    urls.icons = this.formatUrl(urls.icons);
-    urls.notifications = this.formatUrl(urls.notifications);
-    urls.events = this.formatUrl(urls.events);
-    urls.keyConnector = this.formatUrl(urls.keyConnector);
-
-    // scimUrl cannot be cleared
-    urls.scim = this.formatUrl(urls.scim) ?? this.scimUrl;
-
-    // Don't save scim url
-    await this.urlsGlobalState.update(() => ({
-      base: urls.base,
-      api: urls.api,
-      identity: urls.identity,
-      webVault: urls.webVault,
-      icons: urls.icons,
-      notifications: urls.notifications,
-      events: urls.events,
-      keyConnector: urls.keyConnector,
-    }));
-
-    this.baseUrl = urls.base;
-    this.webVaultUrl = urls.webVault;
-    this.apiUrl = urls.api;
-    this.identityUrl = urls.identity;
-    this.iconsUrl = urls.icons;
-    this.notificationsUrl = urls.notifications;
-    this.eventsUrl = urls.events;
-    this.keyConnectorUrl = urls.keyConnector;
-    this.scimUrl = urls.scim;
-
-    await this.setRegion(Region.SelfHosted);
-
-    this.urlsSubject.next();
-
-    return urls;
-  }
-
-  getUrls() {
-    return {
-      base: this.baseUrl,
-      webVault: this.webVaultUrl,
-      cloudWebVault: this.cloudWebVaultUrl,
-      api: this.apiUrl,
-      identity: this.identityUrl,
-      icons: this.iconsUrl,
-      notifications: this.notificationsUrl,
-      events: this.eventsUrl,
-      keyConnector: this.keyConnectorUrl,
-      scim: this.scimUrl,
-    };
-  }
-
-  isEmpty(): boolean {
-    return (
-      this.baseUrl == null &&
-      this.webVaultUrl == null &&
-      this.apiUrl == null &&
-      this.identityUrl == null &&
-      this.iconsUrl == null &&
-      this.notificationsUrl == null &&
-      this.eventsUrl == null
-    );
-  }
-
-  async getHost(userId?: UserId) {
-    const region = await this.getRegion(userId);
-
-    switch (region) {
-      case Region.US:
-        return RegionDomain.US;
-      case Region.EU:
-        return RegionDomain.EU;
-      default: {
-        // Environment is self-hosted
-        const envUrls = await this.getEnvironmentUrls(userId);
-        return Utils.getHost(envUrls.webVault || envUrls.base);
-      }
-    }
-  }
-
-  private async getRegion(userId: UserId | null) {
-    // Previous rules dictated that we only get from user scoped state if there is an active user.
-    const activeUserId = await firstValueFrom(this.activeAccountId$);
-    return activeUserId == null
-      ? await firstValueFrom(this.regionGlobalState.state$)
-      : await firstValueFrom(this.stateProvider.getUser(userId ?? activeUserId, REGION_KEY).state$);
-  }
-
-  private async getEnvironmentUrls(userId: UserId | null) {
-    return userId == null
-      ? (await firstValueFrom(this.urlsGlobalState.state$)) ?? new EnvironmentUrls()
-      : (await firstValueFrom(this.stateProvider.getUser(userId, URLS_KEY).state$)) ??
-          new EnvironmentUrls();
-  }
-
-  async setRegion(region: Region) {
-    this.selectedRegion = region;
-    await this.regionGlobalState.update(() => region);
-
-    if (region === Region.SelfHosted) {
-      // If user saves a self-hosted region with empty fields, default to US
-      if (this.isEmpty()) {
-        await this.setRegion(Region.US);
-      }
-    } else {
-      // If we are setting the region to EU or US, clear the self-hosted URLs
-      await this.urlsGlobalState.update(() => new EnvironmentUrls());
-      if (region === Region.EU) {
-        this.setUrlsInternal(this.euUrls);
-      } else if (region === Region.US) {
-        this.setUrlsInternal(this.usUrls);
-      }
-    }
-  }
-
-  async seedUserEnvironment(userId: UserId) {
-    const globalRegion = await firstValueFrom(this.regionGlobalState.state$);
-    const globalUrls = await firstValueFrom(this.urlsGlobalState.state$);
-    await this.stateProvider.getUser(userId, REGION_KEY).update(() => globalRegion);
-    await this.stateProvider.getUser(userId, URLS_KEY).update(() => globalUrls);
-  }
-
-  private setUrlsInternal(urls: Urls) {
-    this.baseUrl = this.formatUrl(urls.base);
-    this.webVaultUrl = this.formatUrl(urls.webVault);
-    this.apiUrl = this.formatUrl(urls.api);
-    this.identityUrl = this.formatUrl(urls.identity);
-    this.iconsUrl = this.formatUrl(urls.icons);
-    this.notificationsUrl = this.formatUrl(urls.notifications);
-    this.eventsUrl = this.formatUrl(urls.events);
-    this.keyConnectorUrl = this.formatUrl(urls.keyConnector);
-
-    // scimUrl cannot be cleared
-    this.scimUrl = this.formatUrl(urls.scim) ?? this.scimUrl;
-    this.urlsSubject.next();
-  }
-
-  private formatUrl(url: string): string {
-    if (url == null || url === "") {
-      return null;
-    }
-
-    url = url.replace(/\/+$/g, "");
-    if (!url.startsWith("http://") && !url.startsWith("https://")) {
-      url = "https://" + url;
-    }
-
-    return url.trim();
-  }
-
-  isCloud(): boolean {
-    return [
-      "https://api.bitwarden.com",
-      "https://vault.bitwarden.com/api",
-      "https://api.bitwarden.eu",
-      "https://vault.bitwarden.eu/api",
-    ].includes(this.getApiUrl());
-  }
-}
diff --git a/libs/common/src/platform/services/migration-builder.service.spec.ts b/libs/common/src/platform/services/migration-builder.service.spec.ts
index c06d4bf53c..1330ea07a4 100644
--- a/libs/common/src/platform/services/migration-builder.service.spec.ts
+++ b/libs/common/src/platform/services/migration-builder.service.spec.ts
@@ -82,6 +82,7 @@ describe("MigrationBuilderService", () => {
       startingStateVersion,
       new FakeStorageService(startingState),
       mock(),
+      "general",
     );
 
     await sut.build().migrate(helper);
diff --git a/libs/common/src/platform/services/migration-runner.ts b/libs/common/src/platform/services/migration-runner.ts
index f900343424..006031f7e5 100644
--- a/libs/common/src/platform/services/migration-runner.ts
+++ b/libs/common/src/platform/services/migration-runner.ts
@@ -18,6 +18,7 @@ export class MigrationRunner {
       await currentVersion(this.diskStorage, this.logService),
       this.diskStorage,
       this.logService,
+      "general",
     );
 
     if (migrationHelper.currentVersion < 0) {
diff --git a/libs/common/src/platform/services/state.service.ts b/libs/common/src/platform/services/state.service.ts
index 58ef26b1d1..32bbc5f2f9 100644
--- a/libs/common/src/platform/services/state.service.ts
+++ b/libs/common/src/platform/services/state.service.ts
@@ -8,14 +8,13 @@ import { AdminAuthRequestStorable } from "../../auth/models/domain/admin-auth-re
 import { ForceSetPasswordReason } from "../../auth/models/domain/force-set-password-reason";
 import { KdfConfig } from "../../auth/models/domain/kdf-config";
 import { BiometricKey } from "../../auth/types/biometric-key";
-import { WindowState } from "../../models/domain/window-state";
 import { GeneratorOptions } from "../../tools/generator/generator-options";
 import { GeneratedPasswordHistory, PasswordGeneratorOptions } from "../../tools/generator/password";
 import { UsernameGeneratorOptions } from "../../tools/generator/username";
 import { SendData } from "../../tools/send/models/data/send.data";
 import { SendView } from "../../tools/send/models/view/send.view";
 import { UserId } from "../../types/guid";
-import { DeviceKey, MasterKey } from "../../types/key";
+import { MasterKey } from "../../types/key";
 import { EnvironmentService } from "../abstractions/environment.service";
 import { LogService } from "../abstractions/log.service";
 import {
@@ -29,13 +28,7 @@ import {
 import { HtmlStorageLocation, KdfType, StorageLocation } from "../enums";
 import { StateFactory } from "../factories/state-factory";
 import { Utils } from "../misc/utils";
-import { ServerConfigData } from "../models/data/server-config.data";
-import {
-  Account,
-  AccountData,
-  AccountDecryptionOptions,
-  AccountSettings,
-} from "../models/domain/account";
+import { Account, AccountData, AccountSettings } from "../models/domain/account";
 import { EncString } from "../models/domain/enc-string";
 import { GlobalState } from "../models/domain/global-state";
 import { State } from "../models/domain/state";
@@ -250,59 +243,6 @@ export class StateService<
     return currentUser as UserId;
   }
 
-  async getAlwaysShowDock(options?: StorageOptions): Promise<boolean> {
-    return (
-      (await this.getGlobals(this.reconcileOptions(options, await this.defaultOnDiskOptions())))
-        ?.alwaysShowDock ?? false
-    );
-  }
-
-  async setAlwaysShowDock(value: boolean, options?: StorageOptions): Promise<void> {
-    const globals = await this.getGlobals(
-      this.reconcileOptions(options, await this.defaultOnDiskOptions()),
-    );
-    globals.alwaysShowDock = value;
-    await this.saveGlobals(
-      globals,
-      this.reconcileOptions(options, await this.defaultOnDiskOptions()),
-    );
-  }
-
-  async getBiometricFingerprintValidated(options?: StorageOptions): Promise<boolean> {
-    return (
-      (await this.getGlobals(this.reconcileOptions(options, await this.defaultOnDiskOptions())))
-        ?.biometricFingerprintValidated ?? false
-    );
-  }
-
-  async setBiometricFingerprintValidated(value: boolean, options?: StorageOptions): Promise<void> {
-    const globals = await this.getGlobals(
-      this.reconcileOptions(options, await this.defaultOnDiskOptions()),
-    );
-    globals.biometricFingerprintValidated = value;
-    await this.saveGlobals(
-      globals,
-      this.reconcileOptions(options, await this.defaultOnDiskOptions()),
-    );
-  }
-
-  async getConvertAccountToKeyConnector(options?: StorageOptions): Promise<boolean> {
-    return (
-      await this.getAccount(this.reconcileOptions(options, await this.defaultOnDiskOptions()))
-    )?.profile?.convertAccountToKeyConnector;
-  }
-
-  async setConvertAccountToKeyConnector(value: boolean, options?: StorageOptions): Promise<void> {
-    const account = await this.getAccount(
-      this.reconcileOptions(options, await this.defaultOnDiskOptions()),
-    );
-    account.profile.convertAccountToKeyConnector = value;
-    await this.saveAccount(
-      account,
-      this.reconcileOptions(options, await this.defaultOnDiskOptions()),
-    );
-  }
-
   /**
    * @deprecated Do not save the Master Key. Use the User Symmetric Key instead
    */
@@ -642,24 +582,6 @@ export class StateService<
     );
   }
 
-  async getDisableGa(options?: StorageOptions): Promise<boolean> {
-    return (
-      (await this.getAccount(this.reconcileOptions(options, await this.defaultOnDiskOptions())))
-        ?.settings?.disableGa ?? false
-    );
-  }
-
-  async setDisableGa(value: boolean, options?: StorageOptions): Promise<void> {
-    const account = await this.getAccount(
-      this.reconcileOptions(options, await this.defaultOnDiskOptions()),
-    );
-    account.settings.disableGa = value;
-    await this.saveAccount(
-      account,
-      this.reconcileOptions(options, await this.defaultOnDiskOptions()),
-    );
-  }
-
   async getDuckDuckGoSharedKey(options?: StorageOptions): Promise<string> {
     options = this.reconcileOptions(options, await this.defaultSecureStorageOptions());
     if (options?.userId == null) {
@@ -678,39 +600,6 @@ export class StateService<
       : await this.secureStorageService.save(DDG_SHARED_KEY, value, options);
   }
 
-  async getDeviceKey(options?: StorageOptions): Promise<DeviceKey | null> {
-    options = this.reconcileOptions(options, await this.defaultOnDiskLocalOptions());
-
-    if (options?.userId == null) {
-      return null;
-    }
-
-    const account = await this.getAccount(options);
-
-    const existingDeviceKey = account?.keys?.deviceKey;
-
-    // Must manually instantiate the SymmetricCryptoKey class from the JSON object
-    if (existingDeviceKey != null) {
-      return SymmetricCryptoKey.fromJSON(existingDeviceKey) as DeviceKey;
-    } else {
-      return null;
-    }
-  }
-
-  async setDeviceKey(value: DeviceKey | null, options?: StorageOptions): Promise<void> {
-    options = this.reconcileOptions(options, await this.defaultOnDiskLocalOptions());
-
-    if (options?.userId == null) {
-      return;
-    }
-
-    const account = await this.getAccount(options);
-
-    account.keys.deviceKey = value?.toJSON() ?? null;
-
-    await this.saveAccount(account, options);
-  }
-
   async getAdminAuthRequest(options?: StorageOptions): Promise<AdminAuthRequestStorable | null> {
     options = this.reconcileOptions(options, await this.defaultOnDiskLocalOptions());
 
@@ -742,62 +631,6 @@ export class StateService<
     await this.saveAccount(account, options);
   }
 
-  async getShouldTrustDevice(options?: StorageOptions): Promise<boolean | null> {
-    options = this.reconcileOptions(options, await this.defaultOnDiskLocalOptions());
-
-    if (options?.userId == null) {
-      return null;
-    }
-
-    const account = await this.getAccount(options);
-
-    return account?.settings?.trustDeviceChoiceForDecryption ?? null;
-  }
-
-  async setShouldTrustDevice(value: boolean, options?: StorageOptions): Promise<void> {
-    options = this.reconcileOptions(options, await this.defaultOnDiskLocalOptions());
-    if (options?.userId == null) {
-      return;
-    }
-
-    const account = await this.getAccount(options);
-
-    account.settings.trustDeviceChoiceForDecryption = value;
-
-    await this.saveAccount(account, options);
-  }
-
-  async getAccountDecryptionOptions(
-    options?: StorageOptions,
-  ): Promise<AccountDecryptionOptions | null> {
-    options = this.reconcileOptions(options, await this.defaultOnDiskLocalOptions());
-
-    if (options?.userId == null) {
-      return null;
-    }
-
-    const account = await this.getAccount(options);
-
-    return account?.decryptionOptions as AccountDecryptionOptions;
-  }
-
-  async setAccountDecryptionOptions(
-    value: AccountDecryptionOptions,
-    options?: StorageOptions,
-  ): Promise<void> {
-    options = this.reconcileOptions(options, await this.defaultOnDiskLocalOptions());
-
-    if (options?.userId == null) {
-      return;
-    }
-
-    const account = await this.getAccount(options);
-
-    account.decryptionOptions = value;
-
-    await this.saveAccount(account, options);
-  }
-
   async getEmail(options?: StorageOptions): Promise<string> {
     return (
       await this.getAccount(this.reconcileOptions(options, await this.defaultInMemoryOptions()))
@@ -833,36 +666,6 @@ export class StateService<
     );
   }
 
-  async getEnableAlwaysOnTop(options?: StorageOptions): Promise<boolean> {
-    const accountPreference = (
-      await this.getAccount(this.reconcileOptions(options, await this.defaultOnDiskOptions()))
-    )?.settings?.enableAlwaysOnTop;
-    const globalPreference = (
-      await this.getGlobals(this.reconcileOptions(options, await this.defaultOnDiskOptions()))
-    )?.enableAlwaysOnTop;
-    return accountPreference ?? globalPreference ?? false;
-  }
-
-  async setEnableAlwaysOnTop(value: boolean, options?: StorageOptions): Promise<void> {
-    const account = await this.getAccount(
-      this.reconcileOptions(options, await this.defaultOnDiskOptions()),
-    );
-    account.settings.enableAlwaysOnTop = value;
-    await this.saveAccount(
-      account,
-      this.reconcileOptions(options, await this.defaultOnDiskOptions()),
-    );
-
-    const globals = await this.getGlobals(
-      this.reconcileOptions(options, await this.defaultOnDiskOptions()),
-    );
-    globals.enableAlwaysOnTop = value;
-    await this.saveGlobals(
-      globals,
-      this.reconcileOptions(options, await this.defaultOnDiskOptions()),
-    );
-  }
-
   async getEnableBrowserIntegration(options?: StorageOptions): Promise<boolean> {
     return (
       (await this.getGlobals(this.reconcileOptions(options, await this.defaultOnDiskOptions())))
@@ -902,99 +705,6 @@ export class StateService<
     );
   }
 
-  async getEnableCloseToTray(options?: StorageOptions): Promise<boolean> {
-    return (
-      (await this.getGlobals(this.reconcileOptions(options, await this.defaultOnDiskOptions())))
-        ?.enableCloseToTray ?? false
-    );
-  }
-
-  async setEnableCloseToTray(value: boolean, options?: StorageOptions): Promise<void> {
-    const globals = await this.getGlobals(
-      this.reconcileOptions(options, await this.defaultOnDiskOptions()),
-    );
-    globals.enableCloseToTray = value;
-    await this.saveGlobals(
-      globals,
-      this.reconcileOptions(options, await this.defaultOnDiskOptions()),
-    );
-  }
-
-  async getEnableDuckDuckGoBrowserIntegration(options?: StorageOptions): Promise<boolean> {
-    return (
-      (await this.getGlobals(this.reconcileOptions(options, await this.defaultOnDiskOptions())))
-        ?.enableDuckDuckGoBrowserIntegration ?? false
-    );
-  }
-
-  async setEnableDuckDuckGoBrowserIntegration(
-    value: boolean,
-    options?: StorageOptions,
-  ): Promise<void> {
-    const globals = await this.getGlobals(
-      this.reconcileOptions(options, await this.defaultOnDiskOptions()),
-    );
-    globals.enableDuckDuckGoBrowserIntegration = value;
-    await this.saveGlobals(
-      globals,
-      this.reconcileOptions(options, await this.defaultOnDiskOptions()),
-    );
-  }
-
-  async getEnableMinimizeToTray(options?: StorageOptions): Promise<boolean> {
-    return (
-      (await this.getGlobals(this.reconcileOptions(options, await this.defaultOnDiskOptions())))
-        ?.enableMinimizeToTray ?? false
-    );
-  }
-
-  async setEnableMinimizeToTray(value: boolean, options?: StorageOptions): Promise<void> {
-    const globals = await this.getGlobals(
-      this.reconcileOptions(options, await this.defaultOnDiskOptions()),
-    );
-    globals.enableMinimizeToTray = value;
-    await this.saveGlobals(
-      globals,
-      this.reconcileOptions(options, await this.defaultOnDiskOptions()),
-    );
-  }
-
-  async getEnableStartToTray(options?: StorageOptions): Promise<boolean> {
-    return (
-      (await this.getGlobals(this.reconcileOptions(options, await this.defaultOnDiskOptions())))
-        ?.enableStartToTray ?? false
-    );
-  }
-
-  async setEnableStartToTray(value: boolean, options?: StorageOptions): Promise<void> {
-    const globals = await this.getGlobals(
-      this.reconcileOptions(options, await this.defaultOnDiskOptions()),
-    );
-    globals.enableStartToTray = value;
-    await this.saveGlobals(
-      globals,
-      this.reconcileOptions(options, await this.defaultOnDiskOptions()),
-    );
-  }
-
-  async getEnableTray(options?: StorageOptions): Promise<boolean> {
-    return (
-      (await this.getGlobals(this.reconcileOptions(options, await this.defaultOnDiskOptions())))
-        ?.enableTray ?? false
-    );
-  }
-
-  async setEnableTray(value: boolean, options?: StorageOptions): Promise<void> {
-    const globals = await this.getGlobals(
-      this.reconcileOptions(options, await this.defaultOnDiskOptions()),
-    );
-    globals.enableTray = value;
-    await this.saveGlobals(
-      globals,
-      this.reconcileOptions(options, await this.defaultOnDiskOptions()),
-    );
-  }
-
   /**
    * @deprecated Use UserKey instead
    */
@@ -1107,23 +817,6 @@ export class StateService<
     );
   }
 
-  async getInstalledVersion(options?: StorageOptions): Promise<string> {
-    return (
-      await this.getGlobals(this.reconcileOptions(options, await this.defaultOnDiskOptions()))
-    )?.installedVersion;
-  }
-
-  async setInstalledVersion(value: string, options?: StorageOptions): Promise<void> {
-    const globals = await this.getGlobals(
-      this.reconcileOptions(options, await this.defaultOnDiskOptions()),
-    );
-    globals.installedVersion = value;
-    await this.saveGlobals(
-      globals,
-      this.reconcileOptions(options, await this.defaultOnDiskOptions()),
-    );
-  }
-
   async getIsAuthenticated(options?: StorageOptions): Promise<boolean> {
     return (
       (await this.tokenService.getAccessToken(options?.userId as UserId)) != null &&
@@ -1237,40 +930,6 @@ export class StateService<
     );
   }
 
-  async getLocale(options?: StorageOptions): Promise<string> {
-    return (
-      await this.getGlobals(this.reconcileOptions(options, await this.defaultOnDiskLocalOptions()))
-    )?.locale;
-  }
-
-  async setLocale(value: string, options?: StorageOptions): Promise<void> {
-    const globals = await this.getGlobals(
-      this.reconcileOptions(options, await this.defaultOnDiskLocalOptions()),
-    );
-    globals.locale = value;
-    await this.saveGlobals(
-      globals,
-      this.reconcileOptions(options, await this.defaultOnDiskLocalOptions()),
-    );
-  }
-
-  async getMainWindowSize(options?: StorageOptions): Promise<number> {
-    return (
-      await this.getGlobals(this.reconcileOptions(options, await this.defaultInMemoryOptions()))
-    )?.mainWindowSize;
-  }
-
-  async setMainWindowSize(value: number, options?: StorageOptions): Promise<void> {
-    const globals = await this.getGlobals(
-      this.reconcileOptions(options, await this.defaultInMemoryOptions()),
-    );
-    globals.mainWindowSize = value;
-    await this.saveGlobals(
-      globals,
-      this.reconcileOptions(options, await this.defaultInMemoryOptions()),
-    );
-  }
-
   async getMinimizeOnCopyToClipboard(options?: StorageOptions): Promise<boolean> {
     return (
       (await this.getAccount(this.reconcileOptions(options, await this.defaultOnDiskOptions())))
@@ -1289,24 +948,6 @@ export class StateService<
     );
   }
 
-  async getOpenAtLogin(options?: StorageOptions): Promise<boolean> {
-    return (
-      (await this.getGlobals(this.reconcileOptions(options, await this.defaultOnDiskOptions())))
-        ?.openAtLogin ?? false
-    );
-  }
-
-  async setOpenAtLogin(value: boolean, options?: StorageOptions): Promise<void> {
-    const globals = await this.getGlobals(
-      this.reconcileOptions(options, await this.defaultOnDiskOptions()),
-    );
-    globals.openAtLogin = value;
-    await this.saveGlobals(
-      globals,
-      this.reconcileOptions(options, await this.defaultOnDiskOptions()),
-    );
-  }
-
   async getOrganizationInvitation(options?: StorageOptions): Promise<any> {
     return (
       await this.getGlobals(this.reconcileOptions(options, await this.defaultInMemoryOptions()))
@@ -1398,23 +1039,6 @@ export class StateService<
     );
   }
 
-  async getRememberedEmail(options?: StorageOptions): Promise<string> {
-    return (
-      await this.getGlobals(this.reconcileOptions(options, await this.defaultOnDiskLocalOptions()))
-    )?.rememberedEmail;
-  }
-
-  async setRememberedEmail(value: string, options?: StorageOptions): Promise<void> {
-    const globals = await this.getGlobals(
-      this.reconcileOptions(options, await this.defaultOnDiskLocalOptions()),
-    );
-    globals.rememberedEmail = value;
-    await this.saveGlobals(
-      globals,
-      this.reconcileOptions(options, await this.defaultOnDiskLocalOptions()),
-    );
-  }
-
   async getSecurityStamp(options?: StorageOptions): Promise<string> {
     return (
       await this.getAccount(this.reconcileOptions(options, await this.defaultInMemoryOptions()))
@@ -1438,23 +1062,6 @@ export class StateService<
     )?.profile?.userId;
   }
 
-  async getUsesKeyConnector(options?: StorageOptions): Promise<boolean> {
-    return (
-      await this.getAccount(this.reconcileOptions(options, await this.defaultOnDiskOptions()))
-    )?.profile?.usesKeyConnector;
-  }
-
-  async setUsesKeyConnector(value: boolean, options?: StorageOptions): Promise<void> {
-    const account = await this.getAccount(
-      this.reconcileOptions(options, await this.defaultOnDiskOptions()),
-    );
-    account.profile.usesKeyConnector = value;
-    await this.saveAccount(
-      account,
-      this.reconcileOptions(options, await this.defaultOnDiskOptions()),
-    );
-  }
-
   async getVaultTimeout(options?: StorageOptions): Promise<number> {
     const accountVaultTimeout = (
       await this.getAccount(this.reconcileOptions(options, await this.defaultOnDiskLocalOptions()))
@@ -1516,41 +1123,6 @@ export class StateService<
     );
   }
 
-  async getWindow(): Promise<WindowState> {
-    const globals = await this.getGlobals(await this.defaultOnDiskOptions());
-    return globals?.window != null && Object.keys(globals.window).length > 0
-      ? globals.window
-      : new WindowState();
-  }
-
-  async setWindow(value: WindowState, options?: StorageOptions): Promise<void> {
-    const globals = await this.getGlobals(
-      this.reconcileOptions(options, await this.defaultOnDiskOptions()),
-    );
-    globals.window = value;
-    return await this.saveGlobals(
-      globals,
-      this.reconcileOptions(options, await this.defaultOnDiskOptions()),
-    );
-  }
-
-  async setServerConfig(value: ServerConfigData, options?: StorageOptions): Promise<void> {
-    const account = await this.getAccount(
-      this.reconcileOptions(options, await this.defaultOnDiskLocalOptions()),
-    );
-    account.settings.serverConfig = value;
-    return await this.saveAccount(
-      account,
-      this.reconcileOptions(options, await this.defaultOnDiskLocalOptions()),
-    );
-  }
-
-  async getServerConfig(options: StorageOptions): Promise<ServerConfigData> {
-    return (
-      await this.getAccount(this.reconcileOptions(options, await this.defaultOnDiskLocalOptions()))
-    )?.settings?.serverConfig;
-  }
-
   async getDeepLinkRedirectUrl(options?: StorageOptions): Promise<string> {
     return (
       await this.getGlobals(this.reconcileOptions(options, await this.defaultOnDiskOptions()))
@@ -1912,7 +1484,6 @@ export class StateService<
   protected resetAccount(account: TAccount) {
     const persistentAccountInformation = {
       settings: account.settings,
-      keys: { deviceKey: account.keys.deviceKey },
       adminAuthRequest: account.adminAuthRequest,
     };
     return Object.assign(this.createAccount(), persistentAccountInformation);
@@ -1938,7 +1509,9 @@ export class StateService<
   }
 
   protected async deAuthenticateAccount(userId: string): Promise<void> {
-    await this.tokenService.clearAccessToken(userId as UserId);
+    // We must have a manual call to clear tokens as we can't leverage state provider to clean
+    // up our data as we have secure storage in the mix.
+    await this.tokenService.clearTokens(userId as UserId);
     await this.setLastActive(null, { userId: userId });
     await this.updateState(async (state) => {
       state.authenticatedAccounts = state.authenticatedAccounts.filter((id) => id !== userId);
diff --git a/libs/common/src/platform/services/translation.service.ts b/libs/common/src/platform/services/translation.service.ts
index aa41073878..4ad8162af5 100644
--- a/libs/common/src/platform/services/translation.service.ts
+++ b/libs/common/src/platform/services/translation.service.ts
@@ -16,6 +16,7 @@ export abstract class TranslationService implements TranslationServiceAbstractio
     ["bs", "bosanski jezik"],
     ["ca", "català"],
     ["cs", "čeština"],
+    ["cy", "Cymraeg, y Gymraeg"],
     ["da", "dansk"],
     ["de", "Deutsch"],
     ["el", "Ελληνικά"],
@@ -30,6 +31,7 @@ export abstract class TranslationService implements TranslationServiceAbstractio
     ["fi", "suomi"],
     ["fil", "Wikang Filipino"],
     ["fr", "français"],
+    ["gl", "galego"],
     ["he", "עברית"],
     ["hi", "हिन्दी"],
     ["hr", "hrvatski"],
@@ -45,9 +47,13 @@ export abstract class TranslationService implements TranslationServiceAbstractio
     ["lv", "Latvietis"],
     ["me", "црногорски"],
     ["ml", "മലയാളം"],
+    ["mr", "मराठी"],
+    ["my", "ဗမာစကား"],
     ["nb", "norsk (bokmål)"],
+    ["ne", "नेपाली"],
     ["nl", "Nederlands"],
     ["nn", "Norsk Nynorsk"],
+    ["or", "ଓଡ଼ିଆ"],
     ["pl", "polski"],
     ["pt-BR", "português do Brasil"],
     ["pt-PT", "português"],
@@ -58,6 +64,7 @@ export abstract class TranslationService implements TranslationServiceAbstractio
     ["sl", "Slovenski jezik, Slovenščina"],
     ["sr", "Српски"],
     ["sv", "svenska"],
+    ["te", "తెలుగు"],
     ["th", "ไทย"],
     ["tr", "Türkçe"],
     ["uk", "українська"],
diff --git a/libs/common/src/platform/state/derived-state.provider.ts b/libs/common/src/platform/state/derived-state.provider.ts
index cf0a0c56c7..2186048247 100644
--- a/libs/common/src/platform/state/derived-state.provider.ts
+++ b/libs/common/src/platform/state/derived-state.provider.ts
@@ -17,9 +17,9 @@ export abstract class DerivedStateProvider {
    * well as some memory persistent information.
    * @param dependencies The dependencies of the derive function
    */
-  get: <TFrom, TTo, TDeps extends DerivedStateDependencies>(
+  abstract get<TFrom, TTo, TDeps extends DerivedStateDependencies>(
     parentState$: Observable<TFrom>,
     deriveDefinition: DeriveDefinition<TFrom, TTo, TDeps>,
     dependencies: TDeps,
-  ) => DerivedState<TTo>;
+  ): DerivedState<TTo>;
 }
diff --git a/libs/common/src/platform/state/global-state.provider.ts b/libs/common/src/platform/state/global-state.provider.ts
index 7c791b6b4d..5aa2b26a5b 100644
--- a/libs/common/src/platform/state/global-state.provider.ts
+++ b/libs/common/src/platform/state/global-state.provider.ts
@@ -9,5 +9,5 @@ export abstract class GlobalStateProvider {
    * Gets a {@link GlobalState} scoped to the given {@link KeyDefinition}
    * @param keyDefinition - The {@link KeyDefinition} for which you want the state for.
    */
-  get: <T>(keyDefinition: KeyDefinition<T>) => GlobalState<T>;
+  abstract get<T>(keyDefinition: KeyDefinition<T>): GlobalState<T>;
 }
diff --git a/libs/common/src/platform/state/index.ts b/libs/common/src/platform/state/index.ts
index 79f5b4172f..dd14aaf329 100644
--- a/libs/common/src/platform/state/index.ts
+++ b/libs/common/src/platform/state/index.ts
@@ -6,7 +6,7 @@ export { StateProvider } from "./state.provider";
 export { GlobalStateProvider } from "./global-state.provider";
 export { ActiveUserState, SingleUserState, CombinedState } from "./user-state";
 export { ActiveUserStateProvider, SingleUserStateProvider } from "./user-state.provider";
-export { KeyDefinition } from "./key-definition";
+export { KeyDefinition, KeyDefinitionOptions } from "./key-definition";
 export { StateUpdateOptions } from "./state-update-options";
 export { UserKeyDefinition } from "./user-key-definition";
 export { StateEventRunnerService } from "./state-event-runner.service";
diff --git a/libs/common/src/platform/state/state-definitions.ts b/libs/common/src/platform/state/state-definitions.ts
index c87d78642b..3e7b025b9d 100644
--- a/libs/common/src/platform/state/state-definitions.ts
+++ b/libs/common/src/platform/state/state-definitions.ts
@@ -35,15 +35,23 @@ export const BILLING_DISK = new StateDefinition("billing", "disk");
 
 // Auth
 
+export const KEY_CONNECTOR_DISK = new StateDefinition("keyConnector", "disk");
 export const ACCOUNT_MEMORY = new StateDefinition("account", "memory");
 export const AVATAR_DISK = new StateDefinition("avatar", "disk", { web: "disk-local" });
+export const LOGIN_EMAIL_DISK = new StateDefinition("loginEmail", "disk", {
+  web: "disk-local",
+});
+export const LOGIN_STRATEGY_MEMORY = new StateDefinition("loginStrategy", "memory");
 export const SSO_DISK = new StateDefinition("ssoLogin", "disk");
 export const TOKEN_DISK = new StateDefinition("token", "disk");
 export const TOKEN_DISK_LOCAL = new StateDefinition("tokenDiskLocal", "disk", {
   web: "disk-local",
 });
 export const TOKEN_MEMORY = new StateDefinition("token", "memory");
-export const LOGIN_STRATEGY_MEMORY = new StateDefinition("loginStrategy", "memory");
+export const DEVICE_TRUST_DISK_LOCAL = new StateDefinition("deviceTrust", "disk", {
+  web: "disk-local",
+});
+export const USER_DECRYPTION_OPTIONS_DISK = new StateDefinition("userDecryptionOptions", "disk");
 
 // Autofill
 
@@ -72,10 +80,15 @@ export const APPLICATION_ID_DISK = new StateDefinition("applicationId", "disk",
 });
 export const BIOMETRIC_SETTINGS_DISK = new StateDefinition("biometricSettings", "disk");
 export const CLEAR_EVENT_DISK = new StateDefinition("clearEvent", "disk");
+export const CONFIG_DISK = new StateDefinition("config", "disk", {
+  web: "disk-local",
+});
 export const CRYPTO_DISK = new StateDefinition("crypto", "disk");
 export const CRYPTO_MEMORY = new StateDefinition("crypto", "memory");
+export const DESKTOP_SETTINGS_DISK = new StateDefinition("desktopSettings", "disk");
 export const ENVIRONMENT_DISK = new StateDefinition("environment", "disk");
-export const THEMING_DISK = new StateDefinition("theming", "disk");
+export const ENVIRONMENT_MEMORY = new StateDefinition("environment", "memory");
+export const THEMING_DISK = new StateDefinition("theming", "disk", { web: "disk-local" });
 export const TRANSLATION_DISK = new StateDefinition("translation", "disk");
 
 // Secrets Manager
@@ -105,5 +118,5 @@ export const VAULT_ONBOARDING = new StateDefinition("vaultOnboarding", "disk", {
 export const VAULT_SETTINGS_DISK = new StateDefinition("vaultSettings", "disk", {
   web: "disk-local",
 });
-
+export const VAULT_BROWSER_MEMORY = new StateDefinition("vaultBrowser", "memory");
 export const CIPHERS_DISK = new StateDefinition("localData", "disk", { web: "disk-local" });
diff --git a/libs/common/src/platform/state/state.provider.ts b/libs/common/src/platform/state/state.provider.ts
index ddbb6a7c87..a1e51552c7 100644
--- a/libs/common/src/platform/state/state.provider.ts
+++ b/libs/common/src/platform/state/state.provider.ts
@@ -19,7 +19,7 @@ import { ActiveUserStateProvider, SingleUserStateProvider } from "./user-state.p
  */
 export abstract class StateProvider {
   /** @see{@link ActiveUserStateProvider.activeUserId$} */
-  activeUserId$: Observable<UserId | undefined>;
+  abstract activeUserId$: Observable<UserId | undefined>;
 
   /**
    * Gets a state observable for a given key and userId.
@@ -149,10 +149,10 @@ export abstract class StateProvider {
   ): SingleUserState<T>;
 
   /** @see{@link GlobalStateProvider.get} */
-  getGlobal: <T>(keyDefinition: KeyDefinition<T>) => GlobalState<T>;
-  getDerived: <TFrom, TTo, TDeps extends DerivedStateDependencies>(
+  abstract getGlobal<T>(keyDefinition: KeyDefinition<T>): GlobalState<T>;
+  abstract getDerived<TFrom, TTo, TDeps extends DerivedStateDependencies>(
     parentState$: Observable<TFrom>,
     deriveDefinition: DeriveDefinition<TFrom, TTo, TDeps>,
     dependencies: TDeps,
-  ) => DerivedState<TTo>;
+  ): DerivedState<TTo>;
 }
diff --git a/libs/common/src/platform/state/user-state.provider.ts b/libs/common/src/platform/state/user-state.provider.ts
index 2f18f3678d..3af10218f8 100644
--- a/libs/common/src/platform/state/user-state.provider.ts
+++ b/libs/common/src/platform/state/user-state.provider.ts
@@ -39,7 +39,7 @@ export abstract class ActiveUserStateProvider {
   /**
    * Convenience re-emission of active user ID from {@link AccountService.activeAccount$}
    */
-  activeUserId$: Observable<UserId | undefined>;
+  abstract activeUserId$: Observable<UserId | undefined>;
 
   /**
    * Gets a {@link ActiveUserState} scoped to the given {@link KeyDefinition}, but updates when active user changes such
diff --git a/libs/common/src/platform/state/user-state.ts b/libs/common/src/platform/state/user-state.ts
index dc994cf9fd..44bc873254 100644
--- a/libs/common/src/platform/state/user-state.ts
+++ b/libs/common/src/platform/state/user-state.ts
@@ -6,24 +6,25 @@ import { StateUpdateOptions } from "./state-update-options";
 
 export type CombinedState<T> = readonly [userId: UserId, state: T];
 
-/**
- * A helper object for interacting with state that is scoped to a specific user.
- */
+/** A helper object for interacting with state that is scoped to a specific user. */
 export interface UserState<T> {
-  /**
-   * Emits a stream of data.
-   */
-  readonly state$: Observable<T>;
+  /** Emits a stream of data. Emits null if the user does not have specified state. */
+  readonly state$: Observable<T | null>;
 
-  /**
-   * Emits a stream of data alongside the user id the data corresponds to.
-   */
+  /** Emits a stream of tuples, with the first element being a user id and the second element being the data for that user. */
   readonly combinedState$: Observable<CombinedState<T>>;
 }
 
 export const activeMarker: unique symbol = Symbol("active");
 export interface ActiveUserState<T> extends UserState<T> {
   readonly [activeMarker]: true;
+
+  /**
+   * Emits a stream of data. Emits null if the user does not have specified state.
+   * Note: Will not emit if there is no active user.
+   */
+  readonly state$: Observable<T | null>;
+
   /**
    * Updates backing stores for the active user.
    * @param configureState function that takes the current state and returns the new state
diff --git a/libs/common/src/platform/theming/theme-state.service.ts b/libs/common/src/platform/theming/theme-state.service.ts
index 42b5b1770c..9c31733416 100644
--- a/libs/common/src/platform/theming/theme-state.service.ts
+++ b/libs/common/src/platform/theming/theme-state.service.ts
@@ -7,13 +7,13 @@ export abstract class ThemeStateService {
   /**
    * The users selected theme.
    */
-  selectedTheme$: Observable<ThemeType>;
+  abstract selectedTheme$: Observable<ThemeType>;
 
   /**
    * A method for updating the current users configured theme.
    * @param theme The chosen user theme.
    */
-  setSelectedTheme: (theme: ThemeType) => Promise<void>;
+  abstract setSelectedTheme(theme: ThemeType): Promise<void>;
 }
 
 const THEME_SELECTION = new KeyDefinition<ThemeType>(THEMING_DISK, "selection", {
diff --git a/libs/common/src/services/api.service.ts b/libs/common/src/services/api.service.ts
index 869d45ebff..6306eb1e28 100644
--- a/libs/common/src/services/api.service.ts
+++ b/libs/common/src/services/api.service.ts
@@ -1,3 +1,5 @@
+import { firstValueFrom } from "rxjs";
+
 import { ApiService as ApiServiceAbstraction } from "../abstractions/api.service";
 import { OrganizationConnectionType } from "../admin-console/enums";
 import { OrganizationSponsorshipCreateRequest } from "../admin-console/models/request/organization/organization-sponsorship-create.request";
@@ -204,10 +206,12 @@ export class ApiService implements ApiServiceAbstraction {
         ? request.toIdentityToken()
         : request.toIdentityToken(this.platformUtilsService.getClientType());
 
+    const env = await firstValueFrom(this.environmentService.environment$);
+
     const response = await this.fetch(
-      new Request(this.environmentService.getIdentityUrl() + "/connect/token", {
+      new Request(env.getIdentityUrl() + "/connect/token", {
         body: this.qsStringify(identityToken),
-        credentials: this.getCredentials(),
+        credentials: await this.getCredentials(),
         cache: "no-store",
         headers: headers,
         method: "POST",
@@ -323,13 +327,14 @@ export class ApiService implements ApiServiceAbstraction {
   }
 
   async postPrelogin(request: PreloginRequest): Promise<PreloginResponse> {
+    const env = await firstValueFrom(this.environmentService.environment$);
     const r = await this.send(
       "POST",
       "/accounts/prelogin",
       request,
       false,
       true,
-      this.environmentService.getIdentityUrl(),
+      env.getIdentityUrl(),
     );
     return new PreloginResponse(r);
   }
@@ -368,13 +373,14 @@ export class ApiService implements ApiServiceAbstraction {
   }
 
   async postRegister(request: RegisterRequest): Promise<RegisterResponse> {
+    const env = await firstValueFrom(this.environmentService.environment$);
     const r = await this.send(
       "POST",
       "/accounts/register",
       request,
       false,
       true,
-      this.environmentService.getIdentityUrl(),
+      env.getIdentityUrl(),
     );
     return new RegisterResponse(r);
   }
@@ -388,10 +394,6 @@ export class ApiService implements ApiServiceAbstraction {
     return this.send("POST", "/accounts/reinstate-premium", null, true, false);
   }
 
-  postCancelPremium(): Promise<any> {
-    return this.send("POST", "/accounts/cancel-premium", null, true, false);
-  }
-
   async postAccountStorage(request: StorageRequest): Promise<PaymentResponse> {
     const r = await this.send("POST", "/accounts/storage", request, true, true);
     return new PaymentResponse(r);
@@ -1457,10 +1459,11 @@ export class ApiService implements ApiServiceAbstraction {
     if (this.customUserAgent != null) {
       headers.set("User-Agent", this.customUserAgent);
     }
+    const env = await firstValueFrom(this.environmentService.environment$);
     const response = await this.fetch(
-      new Request(this.environmentService.getEventsUrl() + "/collect", {
+      new Request(env.getEventsUrl() + "/collect", {
         cache: "no-store",
-        credentials: this.getCredentials(),
+        credentials: await this.getCredentials(),
         method: "POST",
         body: JSON.stringify(request),
         headers: headers,
@@ -1617,11 +1620,12 @@ export class ApiService implements ApiServiceAbstraction {
       headers.set("User-Agent", this.customUserAgent);
     }
 
+    const env = await firstValueFrom(this.environmentService.environment$);
     const path = `/sso/prevalidate?domainHint=${encodeURIComponent(identifier)}`;
     const response = await this.fetch(
-      new Request(this.environmentService.getIdentityUrl() + path, {
+      new Request(env.getIdentityUrl() + path, {
         cache: "no-store",
-        credentials: this.getCredentials(),
+        credentials: await this.getCredentials(),
         headers: headers,
         method: "GET",
       }),
@@ -1751,16 +1755,17 @@ export class ApiService implements ApiServiceAbstraction {
       headers.set("User-Agent", this.customUserAgent);
     }
 
+    const env = await firstValueFrom(this.environmentService.environment$);
     const decodedToken = await this.tokenService.decodeAccessToken();
     const response = await this.fetch(
-      new Request(this.environmentService.getIdentityUrl() + "/connect/token", {
+      new Request(env.getIdentityUrl() + "/connect/token", {
         body: this.qsStringify({
           grant_type: "refresh_token",
           client_id: decodedToken.client_id,
           refresh_token: refreshToken,
         }),
         cache: "no-store",
-        credentials: this.getCredentials(),
+        credentials: await this.getCredentials(),
         headers: headers,
         method: "POST",
       }),
@@ -1775,9 +1780,9 @@ export class ApiService implements ApiServiceAbstraction {
 
       await this.tokenService.setTokens(
         tokenResponse.accessToken,
-        tokenResponse.refreshToken,
         vaultTimeoutAction as VaultTimeoutAction,
         vaultTimeout,
+        tokenResponse.refreshToken,
       );
     } else {
       const error = await this.handleError(response, true, true);
@@ -1822,7 +1827,8 @@ export class ApiService implements ApiServiceAbstraction {
     apiUrl?: string,
     alterHeaders?: (headers: Headers) => void,
   ): Promise<any> {
-    apiUrl = Utils.isNullOrWhitespace(apiUrl) ? this.environmentService.getApiUrl() : apiUrl;
+    const env = await firstValueFrom(this.environmentService.environment$);
+    apiUrl = Utils.isNullOrWhitespace(apiUrl) ? env.getApiUrl() : apiUrl;
 
     // Prevent directory traversal from malicious paths
     const pathParts = path.split("?");
@@ -1838,7 +1844,7 @@ export class ApiService implements ApiServiceAbstraction {
 
     const requestInit: RequestInit = {
       cache: "no-store",
-      credentials: this.getCredentials(),
+      credentials: await this.getCredentials(),
       method: method,
     };
 
@@ -1917,8 +1923,9 @@ export class ApiService implements ApiServiceAbstraction {
       .join("&");
   }
 
-  private getCredentials(): RequestCredentials {
-    if (!this.isWebClient || this.environmentService.hasBaseUrl()) {
+  private async getCredentials(): Promise<RequestCredentials> {
+    const env = await firstValueFrom(this.environmentService.environment$);
+    if (!this.isWebClient || env.hasBaseUrl()) {
       return "include";
     }
     return undefined;
diff --git a/libs/common/src/services/notifications.service.ts b/libs/common/src/services/notifications.service.ts
index d15e8891b2..4dc8772d00 100644
--- a/libs/common/src/services/notifications.service.ts
+++ b/libs/common/src/services/notifications.service.ts
@@ -1,5 +1,6 @@
 import * as signalR from "@microsoft/signalr";
 import * as signalRMsgPack from "@microsoft/signalr-protocol-msgpack";
+import { firstValueFrom } from "rxjs";
 
 import { ApiService } from "../abstractions/api.service";
 import { NotificationsService as NotificationsServiceAbstraction } from "../abstractions/notifications.service";
@@ -38,7 +39,7 @@ export class NotificationsService implements NotificationsServiceAbstraction {
     private authService: AuthService,
     private messagingService: MessagingService,
   ) {
-    this.environmentService.urls.subscribe(() => {
+    this.environmentService.environment$.subscribe(() => {
       if (!this.inited) {
         return;
       }
@@ -51,7 +52,7 @@ export class NotificationsService implements NotificationsServiceAbstraction {
 
   async init(): Promise<void> {
     this.inited = false;
-    this.url = this.environmentService.getNotificationsUrl();
+    this.url = (await firstValueFrom(this.environmentService.environment$)).getNotificationsUrl();
 
     // Set notifications server URL to `https://-` to effectively disable communication
     // with the notifications server from the client app
diff --git a/libs/common/src/services/vault-timeout/vault-timeout-settings.service.spec.ts b/libs/common/src/services/vault-timeout/vault-timeout-settings.service.spec.ts
index 7eee456775..4ce0159121 100644
--- a/libs/common/src/services/vault-timeout/vault-timeout-settings.service.spec.ts
+++ b/libs/common/src/services/vault-timeout/vault-timeout-settings.service.spec.ts
@@ -1,5 +1,10 @@
 import { mock, MockProxy } from "jest-mock-extended";
-import { firstValueFrom, of } from "rxjs";
+import { BehaviorSubject, firstValueFrom, map, of } from "rxjs";
+
+import {
+  FakeUserDecryptionOptions as UserDecryptionOptions,
+  UserDecryptionOptionsServiceAbstraction,
+} from "@bitwarden/auth/common";
 
 import { PolicyService } from "../../admin-console/abstractions/policy/policy.service.abstraction";
 import { Policy } from "../../admin-console/models/domain/policy";
@@ -8,12 +13,12 @@ import { VaultTimeoutAction } from "../../enums/vault-timeout-action.enum";
 import { CryptoService } from "../../platform/abstractions/crypto.service";
 import { StateService } from "../../platform/abstractions/state.service";
 import { BiometricStateService } from "../../platform/biometrics/biometric-state.service";
-import { AccountDecryptionOptions } from "../../platform/models/domain/account";
 import { EncString } from "../../platform/models/domain/enc-string";
 
 import { VaultTimeoutSettingsService } from "./vault-timeout-settings.service";
 
 describe("VaultTimeoutSettingsService", () => {
+  let userDecryptionOptionsService: MockProxy<UserDecryptionOptionsServiceAbstraction>;
   let cryptoService: MockProxy<CryptoService>;
   let tokenService: MockProxy<TokenService>;
   let policyService: MockProxy<PolicyService>;
@@ -21,12 +26,26 @@ describe("VaultTimeoutSettingsService", () => {
   const biometricStateService = mock<BiometricStateService>();
   let service: VaultTimeoutSettingsService;
 
+  let userDecryptionOptionsSubject: BehaviorSubject<UserDecryptionOptions>;
+
   beforeEach(() => {
+    userDecryptionOptionsService = mock<UserDecryptionOptionsServiceAbstraction>();
     cryptoService = mock<CryptoService>();
     tokenService = mock<TokenService>();
     policyService = mock<PolicyService>();
     stateService = mock<StateService>();
+
+    userDecryptionOptionsSubject = new BehaviorSubject(null);
+    userDecryptionOptionsService.userDecryptionOptions$ = userDecryptionOptionsSubject;
+    userDecryptionOptionsService.hasMasterPassword$ = userDecryptionOptionsSubject.pipe(
+      map((options) => options?.hasMasterPassword ?? false),
+    );
+    userDecryptionOptionsService.userDecryptionOptionsById$.mockReturnValue(
+      userDecryptionOptionsSubject,
+    );
+
     service = new VaultTimeoutSettingsService(
+      userDecryptionOptionsService,
       cryptoService,
       tokenService,
       policyService,
@@ -49,9 +68,7 @@ describe("VaultTimeoutSettingsService", () => {
     });
 
     it("contains Lock when the user has a master password", async () => {
-      stateService.getAccountDecryptionOptions.mockResolvedValue(
-        new AccountDecryptionOptions({ hasMasterPassword: true }),
-      );
+      userDecryptionOptionsSubject.next(new UserDecryptionOptions({ hasMasterPassword: true }));
 
       const result = await firstValueFrom(service.availableVaultTimeoutActions$());
 
@@ -83,9 +100,7 @@ describe("VaultTimeoutSettingsService", () => {
     });
 
     it("not contains Lock when the user does not have a master password, PIN, or biometrics", async () => {
-      stateService.getAccountDecryptionOptions.mockResolvedValue(
-        new AccountDecryptionOptions({ hasMasterPassword: false }),
-      );
+      userDecryptionOptionsSubject.next(new UserDecryptionOptions({ hasMasterPassword: false }));
       stateService.getPinKeyEncryptedUserKey.mockResolvedValue(null);
       stateService.getProtectedPin.mockResolvedValue(null);
       biometricStateService.biometricUnlockEnabled$ = of(false);
@@ -107,9 +122,7 @@ describe("VaultTimeoutSettingsService", () => {
       `(
         "returns $expected when policy is $policy, and user preference is $userPreference",
         async ({ policy, userPreference, expected }) => {
-          stateService.getAccountDecryptionOptions.mockResolvedValue(
-            new AccountDecryptionOptions({ hasMasterPassword: true }),
-          );
+          userDecryptionOptionsSubject.next(new UserDecryptionOptions({ hasMasterPassword: true }));
           policyService.getAll$.mockReturnValue(
             of(policy === null ? [] : ([{ data: { action: policy } }] as unknown as Policy[])),
           );
@@ -136,8 +149,8 @@ describe("VaultTimeoutSettingsService", () => {
         "returns $expected when policy is $policy, has unlock method is $unlockMethod, and user preference is $userPreference",
         async ({ unlockMethod, policy, userPreference, expected }) => {
           biometricStateService.biometricUnlockEnabled$ = of(unlockMethod);
-          stateService.getAccountDecryptionOptions.mockResolvedValue(
-            new AccountDecryptionOptions({ hasMasterPassword: false }),
+          userDecryptionOptionsSubject.next(
+            new UserDecryptionOptions({ hasMasterPassword: false }),
           );
           policyService.getAll$.mockReturnValue(
             of(policy === null ? [] : ([{ data: { action: policy } }] as unknown as Policy[])),
diff --git a/libs/common/src/services/vault-timeout/vault-timeout-settings.service.ts b/libs/common/src/services/vault-timeout/vault-timeout-settings.service.ts
index e8897d82b7..a8afc63297 100644
--- a/libs/common/src/services/vault-timeout/vault-timeout-settings.service.ts
+++ b/libs/common/src/services/vault-timeout/vault-timeout-settings.service.ts
@@ -1,5 +1,7 @@
 import { defer, firstValueFrom } from "rxjs";
 
+import { UserDecryptionOptionsServiceAbstraction } from "@bitwarden/auth/common";
+
 import { VaultTimeoutSettingsService as VaultTimeoutSettingsServiceAbstraction } from "../../abstractions/vault-timeout/vault-timeout-settings.service";
 import { PolicyService } from "../../admin-console/abstractions/policy/policy.service.abstraction";
 import { PolicyType } from "../../admin-console/enums";
@@ -19,6 +21,7 @@ export type PinLockType = "DISABLED" | "PERSISTANT" | "TRANSIENT";
 
 export class VaultTimeoutSettingsService implements VaultTimeoutSettingsServiceAbstraction {
   constructor(
+    private userDecryptionOptionsService: UserDecryptionOptionsServiceAbstraction,
     private cryptoService: CryptoService,
     private tokenService: TokenService,
     private policyService: PolicyService,
@@ -49,7 +52,7 @@ export class VaultTimeoutSettingsService implements VaultTimeoutSettingsServiceA
 
     await this.stateService.setVaultTimeoutAction(action);
 
-    await this.tokenService.setTokens(accessToken, refreshToken, action, timeout, [
+    await this.tokenService.setTokens(accessToken, action, timeout, refreshToken, [
       clientId,
       clientSecret,
     ]);
@@ -174,12 +177,15 @@ export class VaultTimeoutSettingsService implements VaultTimeoutSettingsServiceA
   }
 
   private async userHasMasterPassword(userId: string): Promise<boolean> {
-    const acctDecryptionOpts = await this.stateService.getAccountDecryptionOptions({
-      userId: userId,
-    });
+    if (userId) {
+      const decryptionOptions = await firstValueFrom(
+        this.userDecryptionOptionsService.userDecryptionOptionsById$(userId),
+      );
 
-    if (acctDecryptionOpts?.hasMasterPassword != undefined) {
-      return acctDecryptionOpts.hasMasterPassword;
+      if (decryptionOptions?.hasMasterPassword != undefined) {
+        return decryptionOptions.hasMasterPassword;
+      }
     }
+    return await firstValueFrom(this.userDecryptionOptionsService.hasMasterPassword$);
   }
 }
diff --git a/libs/common/src/state-migrations/migrate.ts b/libs/common/src/state-migrations/migrate.ts
index b560d7d3c2..e963a6401e 100644
--- a/libs/common/src/state-migrations/migrate.ts
+++ b/libs/common/src/state-migrations/migrate.ts
@@ -39,8 +39,12 @@ import { OrganizationMigrator } from "./migrations/40-move-organization-state-to
 import { EventCollectionMigrator } from "./migrations/41-move-event-collection-to-state-provider";
 import { EnableFaviconMigrator } from "./migrations/42-move-enable-favicon-to-domain-settings-state-provider";
 import { AutoConfirmFingerPrintsMigrator } from "./migrations/43-move-auto-confirm-finger-prints-to-state-provider";
-import { LocalDataMigrator } from "./migrations/44-move-local-data-to-state-provider";
 import { AddKeyTypeToOrgKeysMigrator } from "./migrations/5-add-key-type-to-org-keys";
+import { KeyConnectorMigrator } from "./migrations/50-move-key-connector-to-state-provider";
+import { RememberedEmailMigrator } from "./migrations/51-move-remembered-email-to-state-providers";
+import { DeleteInstalledVersion } from "./migrations/52-delete-installed-version";
+import { DeviceTrustCryptoServiceStateProviderMigrator } from "./migrations/53-migrate-device-trust-crypto-svc-to-state-providers";
+import { LocalDataMigrator } from "./migrations/54-move-local-data-to-state-provider";
 import { RemoveLegacyEtmKeyMigrator } from "./migrations/6-remove-legacy-etm-key";
 import { MoveBiometricAutoPromptToAccount } from "./migrations/7-move-biometric-auto-prompt-to-account";
 import { MoveStateVersionMigrator } from "./migrations/8-move-state-version";
@@ -48,7 +52,7 @@ import { MoveBrowserSettingsToGlobal } from "./migrations/9-move-browser-setting
 import { MinVersionMigrator } from "./migrations/min-version";
 
 export const MIN_VERSION = 3;
-export const CURRENT_VERSION = 44;
+export const CURRENT_VERSION = 54;
 export type MinVersion = typeof MIN_VERSION;
 
 export function createMigrationBuilder() {
@@ -94,7 +98,17 @@ export function createMigrationBuilder() {
     .with(EventCollectionMigrator, 40, 41)
     .with(EnableFaviconMigrator, 41, 42)
     .with(AutoConfirmFingerPrintsMigrator, 42, 43)
-    .with(LocalDataMigrator, 43, CURRENT_VERSION);
+    .with(UserDecryptionOptionsMigrator, 43, 44)
+    .with(MergeEnvironmentState, 44, 45)
+    .with(DeleteBiometricPromptCancelledData, 45, 46)
+    .with(MoveDesktopSettingsMigrator, 46, 47)
+    .with(MoveDdgToStateProviderMigrator, 47, 48)
+    .with(AccountServerConfigMigrator, 48, 49)
+    .with(KeyConnectorMigrator, 49, 50)
+    .with(RememberedEmailMigrator, 50, 51)
+    .with(DeleteInstalledVersion, 51, 52)
+    .with(DeviceTrustCryptoServiceStateProviderMigrator, 52, 53)
+    .with(LocalDataMigrator, 53, CURRENT_VERSION);
 }
 
 export async function currentVersion(
diff --git a/libs/common/src/state-migrations/migration-builder.spec.ts b/libs/common/src/state-migrations/migration-builder.spec.ts
index f10d3b11a9..6a4ff8e6d4 100644
--- a/libs/common/src/state-migrations/migration-builder.spec.ts
+++ b/libs/common/src/state-migrations/migration-builder.spec.ts
@@ -83,35 +83,35 @@ describe("MigrationBuilder", () => {
     });
 
     it("should migrate", async () => {
-      const helper = new MigrationHelper(0, mock(), mock());
+      const helper = new MigrationHelper(0, mock(), mock(), "general");
       const spy = jest.spyOn(migrator, "migrate");
       await sut.migrate(helper);
       expect(spy).toBeCalledWith(helper);
     });
 
     it("should rollback", async () => {
-      const helper = new MigrationHelper(1, mock(), mock());
+      const helper = new MigrationHelper(1, mock(), mock(), "general");
       const spy = jest.spyOn(rollback_migrator, "rollback");
       await sut.migrate(helper);
       expect(spy).toBeCalledWith(helper);
     });
 
     it("should update version on migrate", async () => {
-      const helper = new MigrationHelper(0, mock(), mock());
+      const helper = new MigrationHelper(0, mock(), mock(), "general");
       const spy = jest.spyOn(migrator, "updateVersion");
       await sut.migrate(helper);
       expect(spy).toBeCalledWith(helper, "up");
     });
 
     it("should update version on rollback", async () => {
-      const helper = new MigrationHelper(1, mock(), mock());
+      const helper = new MigrationHelper(1, mock(), mock(), "general");
       const spy = jest.spyOn(rollback_migrator, "updateVersion");
       await sut.migrate(helper);
       expect(spy).toBeCalledWith(helper, "down");
     });
 
     it("should not run the migrator if the current version does not match the from version", async () => {
-      const helper = new MigrationHelper(3, mock(), mock());
+      const helper = new MigrationHelper(3, mock(), mock(), "general");
       const migrate = jest.spyOn(migrator, "migrate");
       const rollback = jest.spyOn(rollback_migrator, "rollback");
       await sut.migrate(helper);
@@ -120,7 +120,7 @@ describe("MigrationBuilder", () => {
     });
 
     it("should not update version if the current version does not match the from version", async () => {
-      const helper = new MigrationHelper(3, mock(), mock());
+      const helper = new MigrationHelper(3, mock(), mock(), "general");
       const migrate = jest.spyOn(migrator, "updateVersion");
       const rollback = jest.spyOn(rollback_migrator, "updateVersion");
       await sut.migrate(helper);
@@ -130,7 +130,7 @@ describe("MigrationBuilder", () => {
   });
 
   it("should be able to call instance methods", async () => {
-    const helper = new MigrationHelper(0, mock(), mock());
+    const helper = new MigrationHelper(0, mock(), mock(), "general");
     await sut.with(TestMigratorWithInstanceMethod, 0, 1).migrate(helper);
   });
 });
diff --git a/libs/common/src/state-migrations/migration-helper.spec.ts b/libs/common/src/state-migrations/migration-helper.spec.ts
index 3bcf99b2b6..f86cac8768 100644
--- a/libs/common/src/state-migrations/migration-helper.spec.ts
+++ b/libs/common/src/state-migrations/migration-helper.spec.ts
@@ -9,7 +9,7 @@ import { AbstractStorageService } from "../platform/abstractions/storage.service
 // eslint-disable-next-line import/no-restricted-paths -- Needed to generate unique strings for injection
 import { Utils } from "../platform/misc/utils";
 
-import { MigrationHelper } from "./migration-helper";
+import { MigrationHelper, MigrationHelperType } from "./migration-helper";
 import { Migrator } from "./migrator";
 
 const exampleJSON = {
@@ -37,7 +37,7 @@ describe("RemoveLegacyEtmKeyMigrator", () => {
     storage = mock();
     storage.get.mockImplementation((key) => (exampleJSON as any)[key]);
 
-    sut = new MigrationHelper(0, storage, logService);
+    sut = new MigrationHelper(0, storage, logService, "general");
   });
 
   describe("get", () => {
@@ -150,6 +150,7 @@ describe("RemoveLegacyEtmKeyMigrator", () => {
 export function mockMigrationHelper(
   storageJson: any,
   stateVersion = 0,
+  type: MigrationHelperType = "general",
 ): MockProxy<MigrationHelper> {
   const logService: MockProxy<LogService> = mock();
   const storage: MockProxy<AbstractStorageService> = mock();
@@ -157,7 +158,7 @@ export function mockMigrationHelper(
   storage.save.mockImplementation(async (key, value) => {
     (storageJson as any)[key] = value;
   });
-  const helper = new MigrationHelper(stateVersion, storage, logService);
+  const helper = new MigrationHelper(stateVersion, storage, logService, type);
 
   const mockHelper = mock<MigrationHelper>();
   mockHelper.get.mockImplementation((key) => helper.get(key));
@@ -175,15 +176,15 @@ export function mockMigrationHelper(
     helper.setToUser(userId, keyDefinition, value),
   );
   mockHelper.getAccounts.mockImplementation(() => helper.getAccounts());
+
+  mockHelper.type = helper.type;
+
   return mockHelper;
 }
 
-// TODO: Use const generic for TUsers in TypeScript 5.0 so consumers don't have to `as const` themselves
 export type InitialDataHint<TUsers extends readonly string[]> = {
   /**
    * A string array of the users id who are authenticated
-   *
-   * NOTE: It's recommended to as const this string array so you get type help defining the users data
    */
   authenticatedAccounts?: TUsers;
   /**
@@ -282,10 +283,9 @@ function expectInjectedData(
  * @param initalData The data to start with
  * @returns State after your migration has ran.
  */
-// TODO: Use const generic for TUsers in TypeScript 5.0 so consumers don't have to `as const` themselves
 export async function runMigrator<
   TMigrator extends Migrator<number, number>,
-  TUsers extends readonly string[] = string[],
+  const TUsers extends readonly string[],
 >(
   migrator: TMigrator,
   initalData?: InitialDataHint<TUsers>,
@@ -295,7 +295,7 @@ export async function runMigrator<
   const allInjectedData = injectData(initalData, []);
 
   const fakeStorageService = new FakeStorageService(initalData);
-  const helper = new MigrationHelper(migrator.fromVersion, fakeStorageService, mock());
+  const helper = new MigrationHelper(migrator.fromVersion, fakeStorageService, mock(), "general");
 
   // Run their migrations
   if (direction === "rollback") {
diff --git a/libs/common/src/state-migrations/migration-helper.ts b/libs/common/src/state-migrations/migration-helper.ts
index 315a343e9e..5b8e4ff93e 100644
--- a/libs/common/src/state-migrations/migration-helper.ts
+++ b/libs/common/src/state-migrations/migration-helper.ts
@@ -9,12 +9,29 @@ export type KeyDefinitionLike = {
   key: string;
 };
 
+export type MigrationHelperType = "general" | "web-disk-local";
+
 export class MigrationHelper {
   constructor(
     public currentVersion: number,
     private storageService: AbstractStorageService,
     public logService: LogService,
-  ) {}
+    type: MigrationHelperType,
+  ) {
+    this.type = type;
+  }
+
+  /**
+   * On some clients, migrations are ran multiple times without direct action from the migration writer.
+   *
+   * All clients will run through migrations at least once, this run is referred to as `"general"`. If a migration is
+   * ran more than that single time, they will get a unique name if that the write can make conditional logic based on which
+   * migration run this is.
+   *
+   * @remarks The preferrable way of writing migrations is ALWAYS to be defensive and reflect on the data you are given back. This
+   * should really only be used when reflecting on the data given isn't enough.
+   */
+  type: MigrationHelperType;
 
   /**
    * Gets a value from the storage service at the given key.
diff --git a/libs/common/src/state-migrations/migrations/36-move-show-card-and-identity-to-state-provider.spec.ts b/libs/common/src/state-migrations/migrations/36-move-show-card-and-identity-to-state-provider.spec.ts
index 64a7fd8efa..499ceae5fa 100644
--- a/libs/common/src/state-migrations/migrations/36-move-show-card-and-identity-to-state-provider.spec.ts
+++ b/libs/common/src/state-migrations/migrations/36-move-show-card-and-identity-to-state-provider.spec.ts
@@ -87,12 +87,12 @@ describe("VaultSettingsKeyMigrator", () => {
       expect(helper.setToUser).toHaveBeenCalledWith(
         "user-1",
         { ...vaultSettingsStateDefinition, key: "showCardsCurrentTab" },
-        true,
+        false,
       );
       expect(helper.setToUser).toHaveBeenCalledWith(
         "user-1",
         { ...vaultSettingsStateDefinition, key: "showIdentitiesCurrentTab" },
-        true,
+        false,
       );
     });
   });
diff --git a/libs/common/src/state-migrations/migrations/36-move-show-card-and-identity-to-state-provider.ts b/libs/common/src/state-migrations/migrations/36-move-show-card-and-identity-to-state-provider.ts
index 572e074cf1..8e86507a3b 100644
--- a/libs/common/src/state-migrations/migrations/36-move-show-card-and-identity-to-state-provider.ts
+++ b/libs/common/src/state-migrations/migrations/36-move-show-card-and-identity-to-state-provider.ts
@@ -30,7 +30,7 @@ export class VaultSettingsKeyMigrator extends Migrator<35, 36> {
         await helper.setToUser(
           userId,
           { ...vaultSettingsStateDefinition, key: "showCardsCurrentTab" },
-          accountSettings.dontShowCardsCurrentTab,
+          !accountSettings.dontShowCardsCurrentTab,
         );
         delete account.settings.dontShowCardsCurrentTab;
         updateAccount = true;
@@ -40,7 +40,7 @@ export class VaultSettingsKeyMigrator extends Migrator<35, 36> {
         await helper.setToUser(
           userId,
           { ...vaultSettingsStateDefinition, key: "showIdentitiesCurrentTab" },
-          accountSettings.dontShowIdentitiesCurrentTab,
+          !accountSettings.dontShowIdentitiesCurrentTab,
         );
         delete account.settings.dontShowIdentitiesCurrentTab;
         updateAccount = true;
diff --git a/libs/common/src/state-migrations/migrations/38-migrate-token-svc-to-state-provider.spec.ts b/libs/common/src/state-migrations/migrations/38-migrate-token-svc-to-state-provider.spec.ts
index a5243c261a..7dae6eeeb6 100644
--- a/libs/common/src/state-migrations/migrations/38-migrate-token-svc-to-state-provider.spec.ts
+++ b/libs/common/src/state-migrations/migrations/38-migrate-token-svc-to-state-provider.spec.ts
@@ -124,65 +124,107 @@ describe("TokenServiceStateProviderMigrator", () => {
       sut = new TokenServiceStateProviderMigrator(37, 38);
     });
 
-    it("should remove state service data from all accounts that have it", async () => {
-      await sut.migrate(helper);
+    describe("Session storage", () => {
+      it("should remove state service data from all accounts that have it", async () => {
+        await sut.migrate(helper);
 
-      expect(helper.set).toHaveBeenCalledWith("user1", {
-        tokens: {
-          otherStuff: "overStuff2",
-        },
-        profile: {
-          email: "user1Email",
-          otherStuff: "overStuff3",
-        },
-        keys: {
-          otherStuff: "overStuff4",
-        },
-        otherStuff: "otherStuff5",
+        expect(helper.set).toHaveBeenCalledWith("user1", {
+          tokens: {
+            otherStuff: "overStuff2",
+          },
+          profile: {
+            email: "user1Email",
+            otherStuff: "overStuff3",
+          },
+          keys: {
+            otherStuff: "overStuff4",
+          },
+          otherStuff: "otherStuff5",
+        });
+
+        expect(helper.set).toHaveBeenCalledTimes(2);
+        expect(helper.set).not.toHaveBeenCalledWith("user2", any());
+        expect(helper.set).not.toHaveBeenCalledWith("user3", any());
       });
 
-      expect(helper.set).toHaveBeenCalledTimes(2);
-      expect(helper.set).not.toHaveBeenCalledWith("user2", any());
-      expect(helper.set).not.toHaveBeenCalledWith("user3", any());
+      it("should migrate data to state providers for defined accounts that have the data", async () => {
+        await sut.migrate(helper);
+
+        // Two factor Token Migration
+        expect(helper.setToGlobal).toHaveBeenLastCalledWith(
+          EMAIL_TWO_FACTOR_TOKEN_RECORD_DISK_LOCAL,
+          {
+            user1Email: "twoFactorToken",
+            user2Email: "twoFactorToken",
+          },
+        );
+        expect(helper.setToGlobal).toHaveBeenCalledTimes(1);
+
+        expect(helper.setToUser).toHaveBeenCalledWith("user1", ACCESS_TOKEN_DISK, "accessToken");
+        expect(helper.setToUser).toHaveBeenCalledWith("user1", REFRESH_TOKEN_DISK, "refreshToken");
+        expect(helper.setToUser).toHaveBeenCalledWith(
+          "user1",
+          API_KEY_CLIENT_ID_DISK,
+          "apiKeyClientId",
+        );
+        expect(helper.setToUser).toHaveBeenCalledWith(
+          "user1",
+          API_KEY_CLIENT_SECRET_DISK,
+          "apiKeyClientSecret",
+        );
+
+        expect(helper.setToUser).not.toHaveBeenCalledWith("user2", ACCESS_TOKEN_DISK, any());
+        expect(helper.setToUser).not.toHaveBeenCalledWith("user2", REFRESH_TOKEN_DISK, any());
+        expect(helper.setToUser).not.toHaveBeenCalledWith("user2", API_KEY_CLIENT_ID_DISK, any());
+        expect(helper.setToUser).not.toHaveBeenCalledWith(
+          "user2",
+          API_KEY_CLIENT_SECRET_DISK,
+          any(),
+        );
+
+        // Expect that we didn't migrate anything to user 3
+
+        expect(helper.setToUser).not.toHaveBeenCalledWith("user3", ACCESS_TOKEN_DISK, any());
+        expect(helper.setToUser).not.toHaveBeenCalledWith("user3", REFRESH_TOKEN_DISK, any());
+        expect(helper.setToUser).not.toHaveBeenCalledWith("user3", API_KEY_CLIENT_ID_DISK, any());
+        expect(helper.setToUser).not.toHaveBeenCalledWith(
+          "user3",
+          API_KEY_CLIENT_SECRET_DISK,
+          any(),
+        );
+      });
     });
+    describe("Local storage", () => {
+      beforeEach(() => {
+        helper = mockMigrationHelper(preMigrationJson(), 37, "web-disk-local");
+      });
+      it("should remove state service data from all accounts that have it", async () => {
+        await sut.migrate(helper);
 
-    it("should migrate data to state providers for defined accounts that have the data", async () => {
-      await sut.migrate(helper);
+        expect(helper.set).toHaveBeenCalledWith("user1", {
+          tokens: {
+            otherStuff: "overStuff2",
+          },
+          profile: {
+            email: "user1Email",
+            otherStuff: "overStuff3",
+          },
+          keys: {
+            otherStuff: "overStuff4",
+          },
+          otherStuff: "otherStuff5",
+        });
 
-      // Two factor Token Migration
-      expect(helper.setToGlobal).toHaveBeenLastCalledWith(
-        EMAIL_TWO_FACTOR_TOKEN_RECORD_DISK_LOCAL,
-        {
-          user1Email: "twoFactorToken",
-          user2Email: "twoFactorToken",
-        },
-      );
-      expect(helper.setToGlobal).toHaveBeenCalledTimes(1);
+        expect(helper.set).toHaveBeenCalledTimes(2);
+        expect(helper.set).not.toHaveBeenCalledWith("user2", any());
+        expect(helper.set).not.toHaveBeenCalledWith("user3", any());
+      });
 
-      expect(helper.setToUser).toHaveBeenCalledWith("user1", ACCESS_TOKEN_DISK, "accessToken");
-      expect(helper.setToUser).toHaveBeenCalledWith("user1", REFRESH_TOKEN_DISK, "refreshToken");
-      expect(helper.setToUser).toHaveBeenCalledWith(
-        "user1",
-        API_KEY_CLIENT_ID_DISK,
-        "apiKeyClientId",
-      );
-      expect(helper.setToUser).toHaveBeenCalledWith(
-        "user1",
-        API_KEY_CLIENT_SECRET_DISK,
-        "apiKeyClientSecret",
-      );
+      it("should not migrate any data to local storage", async () => {
+        await sut.migrate(helper);
 
-      expect(helper.setToUser).not.toHaveBeenCalledWith("user2", ACCESS_TOKEN_DISK, any());
-      expect(helper.setToUser).not.toHaveBeenCalledWith("user2", REFRESH_TOKEN_DISK, any());
-      expect(helper.setToUser).not.toHaveBeenCalledWith("user2", API_KEY_CLIENT_ID_DISK, any());
-      expect(helper.setToUser).not.toHaveBeenCalledWith("user2", API_KEY_CLIENT_SECRET_DISK, any());
-
-      // Expect that we didn't migrate anything to user 3
-
-      expect(helper.setToUser).not.toHaveBeenCalledWith("user3", ACCESS_TOKEN_DISK, any());
-      expect(helper.setToUser).not.toHaveBeenCalledWith("user3", REFRESH_TOKEN_DISK, any());
-      expect(helper.setToUser).not.toHaveBeenCalledWith("user3", API_KEY_CLIENT_ID_DISK, any());
-      expect(helper.setToUser).not.toHaveBeenCalledWith("user3", API_KEY_CLIENT_SECRET_DISK, any());
+        expect(helper.setToUser).not.toHaveBeenCalled();
+      });
     });
   });
 
diff --git a/libs/common/src/state-migrations/migrations/38-migrate-token-svc-to-state-provider.ts b/libs/common/src/state-migrations/migrations/38-migrate-token-svc-to-state-provider.ts
index 17753d2187..640e63cdc5 100644
--- a/libs/common/src/state-migrations/migrations/38-migrate-token-svc-to-state-provider.ts
+++ b/libs/common/src/state-migrations/migrations/38-migrate-token-svc-to-state-provider.ts
@@ -84,7 +84,10 @@ export class TokenServiceStateProviderMigrator extends Migrator<37, 38> {
 
       if (existingAccessToken != null) {
         // Only migrate data that exists
-        await helper.setToUser(userId, ACCESS_TOKEN_DISK, existingAccessToken);
+        if (helper.type !== "web-disk-local") {
+          // only migrate access token to session storage - never local.
+          await helper.setToUser(userId, ACCESS_TOKEN_DISK, existingAccessToken);
+        }
         delete account.tokens.accessToken;
         updatedAccount = true;
       }
@@ -93,7 +96,10 @@ export class TokenServiceStateProviderMigrator extends Migrator<37, 38> {
       const existingRefreshToken = account?.tokens?.refreshToken;
 
       if (existingRefreshToken != null) {
-        await helper.setToUser(userId, REFRESH_TOKEN_DISK, existingRefreshToken);
+        if (helper.type !== "web-disk-local") {
+          // only migrate refresh token to session storage - never local.
+          await helper.setToUser(userId, REFRESH_TOKEN_DISK, existingRefreshToken);
+        }
         delete account.tokens.refreshToken;
         updatedAccount = true;
       }
@@ -102,7 +108,10 @@ export class TokenServiceStateProviderMigrator extends Migrator<37, 38> {
       const existingApiKeyClientId = account?.profile?.apiKeyClientId;
 
       if (existingApiKeyClientId != null) {
-        await helper.setToUser(userId, API_KEY_CLIENT_ID_DISK, existingApiKeyClientId);
+        if (helper.type !== "web-disk-local") {
+          // only migrate client id to session storage - never local.
+          await helper.setToUser(userId, API_KEY_CLIENT_ID_DISK, existingApiKeyClientId);
+        }
         delete account.profile.apiKeyClientId;
         updatedAccount = true;
       }
@@ -110,7 +119,10 @@ export class TokenServiceStateProviderMigrator extends Migrator<37, 38> {
       // Migrate API key client secret
       const existingApiKeyClientSecret = account?.keys?.apiKeyClientSecret;
       if (existingApiKeyClientSecret != null) {
-        await helper.setToUser(userId, API_KEY_CLIENT_SECRET_DISK, existingApiKeyClientSecret);
+        if (helper.type !== "web-disk-local") {
+          // only migrate client secret to session storage - never local.
+          await helper.setToUser(userId, API_KEY_CLIENT_SECRET_DISK, existingApiKeyClientSecret);
+        }
         delete account.keys.apiKeyClientSecret;
         updatedAccount = true;
       }
diff --git a/libs/common/src/state-migrations/migrations/44-move-user-decryption-options-to-state-provider.spec.ts b/libs/common/src/state-migrations/migrations/44-move-user-decryption-options-to-state-provider.spec.ts
new file mode 100644
index 0000000000..90254f1c43
--- /dev/null
+++ b/libs/common/src/state-migrations/migrations/44-move-user-decryption-options-to-state-provider.spec.ts
@@ -0,0 +1,238 @@
+import { any, MockProxy } from "jest-mock-extended";
+
+import { MigrationHelper } from "../migration-helper";
+import { mockMigrationHelper } from "../migration-helper.spec";
+
+import { UserDecryptionOptionsMigrator } from "./44-move-user-decryption-options-to-state-provider";
+
+function exampleJSON() {
+  return {
+    global: {
+      otherStuff: "otherStuff1",
+    },
+    authenticatedAccounts: ["FirstAccount", "SecondAccount", "ThirdAccount"],
+    FirstAccount: {
+      decryptionOptions: {
+        hasMasterPassword: true,
+        trustedDeviceOption: {
+          hasAdminApproval: false,
+          hasLoginApprovingDevice: false,
+          hasManageResetPasswordPermission: true,
+        },
+        keyConnectorOption: {
+          keyConnectorUrl: "https://keyconnector.bitwarden.com",
+        },
+      },
+      profile: {
+        otherStuff: "overStuff2",
+      },
+      otherStuff: "otherStuff3",
+    },
+    SecondAccount: {
+      decryptionOptions: {
+        hasMasterPassword: false,
+        trustedDeviceOption: {
+          hasAdminApproval: true,
+          hasLoginApprovingDevice: true,
+          hasManageResetPasswordPermission: true,
+        },
+        keyConnectorOption: {
+          keyConnectorUrl: "https://selfhosted.bitwarden.com",
+        },
+      },
+      profile: {
+        otherStuff: "otherStuff4",
+      },
+      otherStuff: "otherStuff5",
+    },
+  };
+}
+
+function rollbackJSON() {
+  return {
+    user_FirstAccount_decryptionOptions_userDecryptionOptions: {
+      hasMasterPassword: true,
+      trustedDeviceOption: {
+        hasAdminApproval: false,
+        hasLoginApprovingDevice: false,
+        hasManageResetPasswordPermission: true,
+      },
+      keyConnectorOption: {
+        keyConnectorUrl: "https://keyconnector.bitwarden.com",
+      },
+    },
+    user_SecondAccount_decryptionOptions_userDecryptionOptions: {
+      hasMasterPassword: false,
+      trustedDeviceOption: {
+        hasAdminApproval: true,
+        hasLoginApprovingDevice: true,
+        hasManageResetPasswordPermission: true,
+      },
+      keyConnectorOption: {
+        keyConnectorUrl: "https://selfhosted.bitwarden.com",
+      },
+    },
+    user_ThirdAccount_decryptionOptions_userDecryptionOptions: {},
+    global: {
+      otherStuff: "otherStuff1",
+    },
+    authenticatedAccounts: ["FirstAccount", "SecondAccount", "ThirdAccount"],
+    FirstAccount: {
+      decryptionOptions: {
+        hasMasterPassword: true,
+        trustedDeviceOption: {
+          hasAdminApproval: false,
+          hasLoginApprovingDevice: false,
+          hasManageResetPasswordPermission: true,
+        },
+        keyConnectorOption: {
+          keyConnectorUrl: "https://keyconnector.bitwarden.com",
+        },
+      },
+      profile: {
+        otherStuff: "overStuff2",
+      },
+      otherStuff: "otherStuff3",
+    },
+    SecondAccount: {
+      decryptionOptions: {
+        hasMasterPassword: false,
+        trustedDeviceOption: {
+          hasAdminApproval: true,
+          hasLoginApprovingDevice: true,
+          hasManageResetPasswordPermission: true,
+        },
+        keyConnectorOption: {
+          keyConnectorUrl: "https://selfhosted.bitwarden.com",
+        },
+      },
+      profile: {
+        otherStuff: "otherStuff4",
+      },
+      otherStuff: "otherStuff5",
+    },
+  };
+}
+
+describe("UserDecryptionOptionsMigrator", () => {
+  let helper: MockProxy<MigrationHelper>;
+  let sut: UserDecryptionOptionsMigrator;
+  const keyDefinitionLike = {
+    key: "decryptionOptions",
+    stateDefinition: {
+      name: "userDecryptionOptions",
+    },
+  };
+
+  describe("migrate", () => {
+    beforeEach(() => {
+      helper = mockMigrationHelper(exampleJSON(), 43);
+      sut = new UserDecryptionOptionsMigrator(43, 44);
+    });
+
+    it("should remove decryptionOptions from all accounts", async () => {
+      await sut.migrate(helper);
+      expect(helper.set).toHaveBeenCalledWith("FirstAccount", {
+        profile: {
+          otherStuff: "overStuff2",
+        },
+        otherStuff: "otherStuff3",
+      });
+      expect(helper.set).toHaveBeenCalledWith("SecondAccount", {
+        profile: {
+          otherStuff: "otherStuff4",
+        },
+        otherStuff: "otherStuff5",
+      });
+    });
+
+    it("should set decryptionOptions provider value for each account", async () => {
+      await sut.migrate(helper);
+
+      expect(helper.setToUser).toHaveBeenCalledWith("FirstAccount", keyDefinitionLike, {
+        hasMasterPassword: true,
+        trustedDeviceOption: {
+          hasAdminApproval: false,
+          hasLoginApprovingDevice: false,
+          hasManageResetPasswordPermission: true,
+        },
+        keyConnectorOption: {
+          keyConnectorUrl: "https://keyconnector.bitwarden.com",
+        },
+      });
+
+      expect(helper.setToUser).toHaveBeenCalledWith("SecondAccount", keyDefinitionLike, {
+        hasMasterPassword: false,
+        trustedDeviceOption: {
+          hasAdminApproval: true,
+          hasLoginApprovingDevice: true,
+          hasManageResetPasswordPermission: true,
+        },
+        keyConnectorOption: {
+          keyConnectorUrl: "https://selfhosted.bitwarden.com",
+        },
+      });
+    });
+  });
+
+  describe("rollback", () => {
+    beforeEach(() => {
+      helper = mockMigrationHelper(rollbackJSON(), 44);
+      sut = new UserDecryptionOptionsMigrator(43, 44);
+    });
+
+    it.each(["FirstAccount", "SecondAccount", "ThirdAccount"])(
+      "should null out new values",
+      async (userId) => {
+        await sut.rollback(helper);
+
+        expect(helper.setToUser).toHaveBeenCalledWith(userId, keyDefinitionLike, null);
+      },
+    );
+
+    it("should add explicit value back to accounts", async () => {
+      await sut.rollback(helper);
+
+      expect(helper.set).toHaveBeenCalledWith("FirstAccount", {
+        decryptionOptions: {
+          hasMasterPassword: true,
+          trustedDeviceOption: {
+            hasAdminApproval: false,
+            hasLoginApprovingDevice: false,
+            hasManageResetPasswordPermission: true,
+          },
+          keyConnectorOption: {
+            keyConnectorUrl: "https://keyconnector.bitwarden.com",
+          },
+        },
+        profile: {
+          otherStuff: "overStuff2",
+        },
+        otherStuff: "otherStuff3",
+      });
+      expect(helper.set).toHaveBeenCalledWith("SecondAccount", {
+        decryptionOptions: {
+          hasMasterPassword: false,
+          trustedDeviceOption: {
+            hasAdminApproval: true,
+            hasLoginApprovingDevice: true,
+            hasManageResetPasswordPermission: true,
+          },
+          keyConnectorOption: {
+            keyConnectorUrl: "https://selfhosted.bitwarden.com",
+          },
+        },
+        profile: {
+          otherStuff: "otherStuff4",
+        },
+        otherStuff: "otherStuff5",
+      });
+    });
+
+    it("should not try to restore values to missing accounts", async () => {
+      await sut.rollback(helper);
+
+      expect(helper.set).not.toHaveBeenCalledWith("ThirdAccount", any());
+    });
+  });
+});
diff --git a/libs/common/src/state-migrations/migrations/44-move-user-decryption-options-to-state-provider.ts b/libs/common/src/state-migrations/migrations/44-move-user-decryption-options-to-state-provider.ts
new file mode 100644
index 0000000000..708b096280
--- /dev/null
+++ b/libs/common/src/state-migrations/migrations/44-move-user-decryption-options-to-state-provider.ts
@@ -0,0 +1,57 @@
+import { KeyDefinitionLike, MigrationHelper } from "../migration-helper";
+import { Migrator } from "../migrator";
+
+type DecryptionOptionsType = {
+  hasMasterPassword: boolean;
+  trustedDeviceOption?: {
+    hasAdminApproval: boolean;
+    hasLoginApprovingDevice: boolean;
+    hasManageResetPasswordPermission: boolean;
+  };
+  keyConnectorOption?: {
+    keyConnectorUrl: string;
+  };
+};
+
+type ExpectedAccountType = {
+  decryptionOptions?: DecryptionOptionsType;
+};
+
+const USER_DECRYPTION_OPTIONS: KeyDefinitionLike = {
+  key: "decryptionOptions",
+  stateDefinition: {
+    name: "userDecryptionOptions",
+  },
+};
+
+export class UserDecryptionOptionsMigrator extends Migrator<43, 44> {
+  async migrate(helper: MigrationHelper): Promise<void> {
+    const accounts = await helper.getAccounts<ExpectedAccountType>();
+    async function migrateAccount(userId: string, account: ExpectedAccountType): Promise<void> {
+      const value = account?.decryptionOptions;
+      if (value != null) {
+        await helper.setToUser(userId, USER_DECRYPTION_OPTIONS, value);
+        delete account.decryptionOptions;
+        await helper.set(userId, account);
+      }
+    }
+
+    await Promise.all([...accounts.map(({ userId, account }) => migrateAccount(userId, account))]);
+  }
+  async rollback(helper: MigrationHelper): Promise<void> {
+    const accounts = await helper.getAccounts<ExpectedAccountType>();
+    async function rollbackAccount(userId: string, account: ExpectedAccountType): Promise<void> {
+      const value: DecryptionOptionsType = await helper.getFromUser(
+        userId,
+        USER_DECRYPTION_OPTIONS,
+      );
+      if (account) {
+        account.decryptionOptions = Object.assign(account.decryptionOptions, value);
+        await helper.set(userId, account);
+      }
+      await helper.setToUser(userId, USER_DECRYPTION_OPTIONS, null);
+    }
+
+    await Promise.all([...accounts.map(({ userId, account }) => rollbackAccount(userId, account))]);
+  }
+}
diff --git a/libs/common/src/state-migrations/migrations/45-merge-environment-state.spec.ts b/libs/common/src/state-migrations/migrations/45-merge-environment-state.spec.ts
new file mode 100644
index 0000000000..fe2d3cf866
--- /dev/null
+++ b/libs/common/src/state-migrations/migrations/45-merge-environment-state.spec.ts
@@ -0,0 +1,164 @@
+import { runMigrator } from "../migration-helper.spec";
+
+import { MergeEnvironmentState } from "./45-merge-environment-state";
+
+describe("MergeEnvironmentState", () => {
+  const migrator = new MergeEnvironmentState(44, 45);
+
+  it("can migrate all data", async () => {
+    const output = await runMigrator(migrator, {
+      authenticatedAccounts: ["user1", "user2"],
+      global: {
+        extra: "data",
+      },
+      global_environment_region: "US",
+      global_environment_urls: {
+        base: "example.com",
+      },
+      user1: {
+        extra: "data",
+        settings: {
+          extra: "data",
+        },
+      },
+      user2: {
+        extra: "data",
+        settings: {
+          extra: "data",
+        },
+      },
+      extra: "data",
+      user_user1_environment_region: "US",
+      user_user2_environment_region: "EU",
+      user_user1_environment_urls: {
+        base: "example.com",
+      },
+      user_user2_environment_urls: {
+        base: "other.example.com",
+      },
+    });
+
+    expect(output).toEqual({
+      authenticatedAccounts: ["user1", "user2"],
+      global: {
+        extra: "data",
+      },
+      global_environment_environment: {
+        region: "US",
+        urls: {
+          base: "example.com",
+        },
+      },
+      user1: {
+        extra: "data",
+        settings: {
+          extra: "data",
+        },
+      },
+      user2: {
+        extra: "data",
+        settings: {
+          extra: "data",
+        },
+      },
+      extra: "data",
+      user_user1_environment_environment: {
+        region: "US",
+        urls: {
+          base: "example.com",
+        },
+      },
+      user_user2_environment_environment: {
+        region: "EU",
+        urls: {
+          base: "other.example.com",
+        },
+      },
+    });
+  });
+
+  it("handles missing parts", async () => {
+    const output = await runMigrator(migrator, {
+      authenticatedAccounts: ["user1", "user2"],
+      global: {
+        extra: "data",
+      },
+      user1: {
+        extra: "data",
+        settings: {
+          extra: "data",
+        },
+      },
+      user2: null,
+    });
+
+    expect(output).toEqual({
+      authenticatedAccounts: ["user1", "user2"],
+      global: {
+        extra: "data",
+      },
+      user1: {
+        extra: "data",
+        settings: {
+          extra: "data",
+        },
+      },
+      user2: null,
+    });
+  });
+
+  it("can migrate only global data", async () => {
+    const output = await runMigrator(migrator, {
+      authenticatedAccounts: [],
+      global_environment_region: "Self-Hosted",
+      global: {},
+    });
+
+    expect(output).toEqual({
+      authenticatedAccounts: [],
+      global_environment_environment: {
+        region: "Self-Hosted",
+        urls: undefined,
+      },
+      global: {},
+    });
+  });
+
+  it("can migrate only user state", async () => {
+    const output = await runMigrator(migrator, {
+      authenticatedAccounts: ["user1"] as const,
+      global: null,
+      user1: { settings: {} },
+      user_user1_environment_region: "Self-Hosted",
+      user_user1_environment_urls: {
+        base: "some-base-url",
+        api: "some-api-url",
+        identity: "some-identity-url",
+        icons: "some-icons-url",
+        notifications: "some-notifications-url",
+        events: "some-events-url",
+        webVault: "some-webVault-url",
+        keyConnector: "some-keyConnector-url",
+      },
+    });
+
+    expect(output).toEqual({
+      authenticatedAccounts: ["user1"] as const,
+      global: null,
+      user1: { settings: {} },
+      user_user1_environment_environment: {
+        region: "Self-Hosted",
+        urls: {
+          base: "some-base-url",
+          api: "some-api-url",
+          identity: "some-identity-url",
+          icons: "some-icons-url",
+          notifications: "some-notifications-url",
+          events: "some-events-url",
+          webVault: "some-webVault-url",
+          keyConnector: "some-keyConnector-url",
+        },
+      },
+    });
+  });
+});
diff --git a/libs/common/src/state-migrations/migrations/45-merge-environment-state.ts b/libs/common/src/state-migrations/migrations/45-merge-environment-state.ts
new file mode 100644
index 0000000000..026bc1daa2
--- /dev/null
+++ b/libs/common/src/state-migrations/migrations/45-merge-environment-state.ts
@@ -0,0 +1,83 @@
+import { KeyDefinitionLike, MigrationHelper, StateDefinitionLike } from "../migration-helper";
+import { Migrator } from "../migrator";
+
+const ENVIRONMENT_STATE: StateDefinitionLike = { name: "environment" };
+
+const ENVIRONMENT_REGION: KeyDefinitionLike = {
+  key: "region",
+  stateDefinition: ENVIRONMENT_STATE,
+};
+
+const ENVIRONMENT_URLS: KeyDefinitionLike = {
+  key: "urls",
+  stateDefinition: ENVIRONMENT_STATE,
+};
+
+const ENVIRONMENT_ENVIRONMENT: KeyDefinitionLike = {
+  key: "environment",
+  stateDefinition: ENVIRONMENT_STATE,
+};
+
+export class MergeEnvironmentState extends Migrator<44, 45> {
+  async migrate(helper: MigrationHelper): Promise<void> {
+    const accounts = await helper.getAccounts<unknown>();
+
+    async function migrateAccount(userId: string, account: unknown): Promise<void> {
+      const region = await helper.getFromUser(userId, ENVIRONMENT_REGION);
+      const urls = await helper.getFromUser(userId, ENVIRONMENT_URLS);
+
+      if (region == null && urls == null) {
+        return;
+      }
+
+      await helper.setToUser(userId, ENVIRONMENT_ENVIRONMENT, {
+        region,
+        urls,
+      });
+      await helper.removeFromUser(userId, ENVIRONMENT_REGION);
+      await helper.removeFromUser(userId, ENVIRONMENT_URLS);
+    }
+
+    await Promise.all([...accounts.map(({ userId, account }) => migrateAccount(userId, account))]);
+
+    const region = await helper.getFromGlobal(ENVIRONMENT_REGION);
+    const urls = await helper.getFromGlobal(ENVIRONMENT_URLS);
+
+    if (region == null && urls == null) {
+      return;
+    }
+
+    await helper.setToGlobal(ENVIRONMENT_ENVIRONMENT, {
+      region,
+      urls,
+    });
+    await helper.removeFromGlobal(ENVIRONMENT_REGION);
+    await helper.removeFromGlobal(ENVIRONMENT_URLS);
+  }
+
+  async rollback(helper: MigrationHelper): Promise<void> {
+    const accounts = await helper.getAccounts<unknown>();
+
+    async function rollbackAccount(userId: string, account: unknown): Promise<void> {
+      const state = (await helper.getFromUser(userId, ENVIRONMENT_ENVIRONMENT)) as {
+        region: string;
+        urls: string;
+      } | null;
+
+      await helper.setToUser(userId, ENVIRONMENT_REGION, state?.region);
+      await helper.setToUser(userId, ENVIRONMENT_URLS, state?.urls);
+      await helper.removeFromUser(userId, ENVIRONMENT_ENVIRONMENT);
+    }
+
+    await Promise.all([...accounts.map(({ userId, account }) => rollbackAccount(userId, account))]);
+
+    const state = (await helper.getFromGlobal(ENVIRONMENT_ENVIRONMENT)) as {
+      region: string;
+      urls: string;
+    } | null;
+
+    await helper.setToGlobal(ENVIRONMENT_REGION, state?.region);
+    await helper.setToGlobal(ENVIRONMENT_URLS, state?.urls);
+    await helper.removeFromGlobal(ENVIRONMENT_ENVIRONMENT);
+  }
+}
diff --git a/libs/common/src/state-migrations/migrations/46-delete-orphaned-biometric-prompt-data.spec.ts b/libs/common/src/state-migrations/migrations/46-delete-orphaned-biometric-prompt-data.spec.ts
new file mode 100644
index 0000000000..744f39709d
--- /dev/null
+++ b/libs/common/src/state-migrations/migrations/46-delete-orphaned-biometric-prompt-data.spec.ts
@@ -0,0 +1,28 @@
+import { runMigrator } from "../migration-helper.spec";
+import { IRREVERSIBLE } from "../migrator";
+
+import { DeleteBiometricPromptCancelledData } from "./46-delete-orphaned-biometric-prompt-data";
+
+describe("MoveThemeToStateProviders", () => {
+  const sut = new DeleteBiometricPromptCancelledData(45, 46);
+
+  describe("migrate", () => {
+    it("deletes promptCancelled from all users", async () => {
+      const output = await runMigrator(sut, {
+        authenticatedAccounts: ["user-1", "user-2"],
+        "user_user-1_biometricSettings_promptCancelled": true,
+        "user_user-2_biometricSettings_promptCancelled": false,
+      });
+
+      expect(output).toEqual({
+        authenticatedAccounts: ["user-1", "user-2"],
+      });
+    });
+  });
+
+  describe("rollback", () => {
+    it("is irreversible", async () => {
+      await expect(runMigrator(sut, {}, "rollback")).rejects.toThrow(IRREVERSIBLE);
+    });
+  });
+});
diff --git a/libs/common/src/state-migrations/migrations/46-delete-orphaned-biometric-prompt-data.ts b/libs/common/src/state-migrations/migrations/46-delete-orphaned-biometric-prompt-data.ts
new file mode 100644
index 0000000000..a919e999e1
--- /dev/null
+++ b/libs/common/src/state-migrations/migrations/46-delete-orphaned-biometric-prompt-data.ts
@@ -0,0 +1,23 @@
+import { KeyDefinitionLike, MigrationHelper } from "../migration-helper";
+import { IRREVERSIBLE, Migrator } from "../migrator";
+
+export const PROMPT_CANCELLED: KeyDefinitionLike = {
+  key: "promptCancelled",
+  stateDefinition: { name: "biometricSettings" },
+};
+
+export class DeleteBiometricPromptCancelledData extends Migrator<45, 46> {
+  async migrate(helper: MigrationHelper): Promise<void> {
+    await Promise.all(
+      (await helper.getAccounts()).map(async ({ userId }) => {
+        if (helper.getFromUser(userId, PROMPT_CANCELLED) != null) {
+          await helper.removeFromUser(userId, PROMPT_CANCELLED);
+        }
+      }),
+    );
+  }
+
+  async rollback(helper: MigrationHelper): Promise<void> {
+    throw IRREVERSIBLE;
+  }
+}
diff --git a/libs/common/src/state-migrations/migrations/47-move-desktop-settings.spec.ts b/libs/common/src/state-migrations/migrations/47-move-desktop-settings.spec.ts
new file mode 100644
index 0000000000..41080d024e
--- /dev/null
+++ b/libs/common/src/state-migrations/migrations/47-move-desktop-settings.spec.ts
@@ -0,0 +1,116 @@
+import { runMigrator } from "../migration-helper.spec";
+
+import { MoveDesktopSettingsMigrator } from "./47-move-desktop-settings";
+
+describe("MoveDesktopSettings", () => {
+  const sut = new MoveDesktopSettingsMigrator(46, 47);
+
+  it("can migrate truthy values", async () => {
+    const output = await runMigrator(sut, {
+      authenticatedAccounts: ["user1"],
+      global: {
+        window: {
+          width: 400,
+          height: 400,
+          displayBounds: {
+            height: 200,
+            width: 200,
+            x: 200,
+            y: 200,
+          },
+        },
+        enableAlwaysOnTop: true,
+        enableCloseToTray: true,
+        enableMinimizeToTray: true,
+        enableStartToTray: true,
+        enableTray: true,
+        openAtLogin: true,
+        alwaysShowDock: true,
+      },
+      user1: {
+        settings: {
+          enableAlwaysOnTop: true,
+        },
+      },
+    });
+
+    expect(output).toEqual({
+      authenticatedAccounts: ["user1"],
+      global: {},
+      global_desktopSettings_window: {
+        width: 400,
+        height: 400,
+        displayBounds: {
+          height: 200,
+          width: 200,
+          x: 200,
+          y: 200,
+        },
+      },
+      global_desktopSettings_closeToTray: true,
+      global_desktopSettings_minimizeToTray: true,
+      global_desktopSettings_startToTray: true,
+      global_desktopSettings_trayEnabled: true,
+      global_desktopSettings_openAtLogin: true,
+      global_desktopSettings_alwaysShowDock: true,
+      global_desktopSettings_alwaysOnTop: true,
+      user1: {
+        settings: {},
+      },
+    });
+  });
+
+  it("can migrate falsey values", async () => {
+    const output = await runMigrator(sut, {
+      authenticatedAccounts: ["user1"],
+      global: {
+        window: null,
+        enableCloseToTray: false,
+        enableMinimizeToTray: false,
+        enableStartToTray: false,
+        enableTray: false,
+        openAtLogin: false,
+        alwaysShowDock: false,
+        enableAlwaysOnTop: false,
+      },
+      user1: {
+        settings: {
+          enableAlwaysOnTop: false,
+        },
+      },
+    });
+
+    expect(output).toEqual({
+      authenticatedAccounts: ["user1"],
+      global: {},
+      global_desktopSettings_window: null,
+      global_desktopSettings_closeToTray: false,
+      global_desktopSettings_minimizeToTray: false,
+      global_desktopSettings_startToTray: false,
+      global_desktopSettings_trayEnabled: false,
+      global_desktopSettings_openAtLogin: false,
+      global_desktopSettings_alwaysShowDock: false,
+      global_desktopSettings_alwaysOnTop: false,
+      user1: {
+        settings: {},
+      },
+    });
+  });
+
+  it("can migrate even if none of our values are found", async () => {
+    //
+    const output = await runMigrator(sut, {
+      authenticatedAccounts: ["user1"] as const,
+      global: {
+        anotherSetting: "",
+      },
+    });
+
+    expect(output).toEqual({
+      authenticatedAccounts: ["user1"] as const,
+      global: {
+        anotherSetting: "",
+      },
+    });
+  });
+});
diff --git a/libs/common/src/state-migrations/migrations/47-move-desktop-settings.ts b/libs/common/src/state-migrations/migrations/47-move-desktop-settings.ts
new file mode 100644
index 0000000000..f6f3ebdfc2
--- /dev/null
+++ b/libs/common/src/state-migrations/migrations/47-move-desktop-settings.ts
@@ -0,0 +1,128 @@
+import { KeyDefinitionLike, MigrationHelper, StateDefinitionLike } from "../migration-helper";
+import { IRREVERSIBLE, Migrator } from "../migrator";
+
+type ExpectedGlobalType = {
+  window?: object;
+  enableTray?: boolean;
+  enableMinimizeToTray?: boolean;
+  enableCloseToTray?: boolean;
+  enableStartToTray?: boolean;
+  openAtLogin?: boolean;
+  alwaysShowDock?: boolean;
+  enableAlwaysOnTop?: boolean;
+};
+
+type ExpectedAccountType = {
+  settings?: {
+    enableAlwaysOnTop?: boolean;
+  };
+};
+
+const DESKTOP_SETTINGS_STATE: StateDefinitionLike = { name: "desktopSettings" };
+
+const WINDOW_KEY: KeyDefinitionLike = { key: "window", stateDefinition: DESKTOP_SETTINGS_STATE };
+
+const CLOSE_TO_TRAY_KEY: KeyDefinitionLike = {
+  key: "closeToTray",
+  stateDefinition: DESKTOP_SETTINGS_STATE,
+};
+const MINIMIZE_TO_TRAY_KEY: KeyDefinitionLike = {
+  key: "minimizeToTray",
+  stateDefinition: DESKTOP_SETTINGS_STATE,
+};
+const START_TO_TRAY_KEY: KeyDefinitionLike = {
+  key: "startToTray",
+  stateDefinition: DESKTOP_SETTINGS_STATE,
+};
+const TRAY_ENABLED_KEY: KeyDefinitionLike = {
+  key: "trayEnabled",
+  stateDefinition: DESKTOP_SETTINGS_STATE,
+};
+const OPEN_AT_LOGIN_KEY: KeyDefinitionLike = {
+  key: "openAtLogin",
+  stateDefinition: DESKTOP_SETTINGS_STATE,
+};
+const ALWAYS_SHOW_DOCK_KEY: KeyDefinitionLike = {
+  key: "alwaysShowDock",
+  stateDefinition: DESKTOP_SETTINGS_STATE,
+};
+
+const ALWAYS_ON_TOP_KEY: KeyDefinitionLike = {
+  key: "alwaysOnTop",
+  stateDefinition: DESKTOP_SETTINGS_STATE,
+};
+
+export class MoveDesktopSettingsMigrator extends Migrator<46, 47> {
+  async migrate(helper: MigrationHelper): Promise<void> {
+    const legacyGlobal = await helper.get<ExpectedGlobalType>("global");
+
+    let updatedGlobal = false;
+    if (legacyGlobal?.window !== undefined) {
+      await helper.setToGlobal(WINDOW_KEY, legacyGlobal.window);
+      updatedGlobal = true;
+      delete legacyGlobal.window;
+    }
+
+    if (legacyGlobal?.enableCloseToTray != null) {
+      await helper.setToGlobal(CLOSE_TO_TRAY_KEY, legacyGlobal.enableCloseToTray);
+      updatedGlobal = true;
+      delete legacyGlobal.enableCloseToTray;
+    }
+
+    if (legacyGlobal?.enableMinimizeToTray != null) {
+      await helper.setToGlobal(MINIMIZE_TO_TRAY_KEY, legacyGlobal.enableMinimizeToTray);
+      updatedGlobal = true;
+      delete legacyGlobal.enableMinimizeToTray;
+    }
+
+    if (legacyGlobal?.enableStartToTray != null) {
+      await helper.setToGlobal(START_TO_TRAY_KEY, legacyGlobal.enableStartToTray);
+      updatedGlobal = true;
+      delete legacyGlobal.enableStartToTray;
+    }
+
+    if (legacyGlobal?.enableTray != null) {
+      await helper.setToGlobal(TRAY_ENABLED_KEY, legacyGlobal.enableTray);
+      updatedGlobal = true;
+      delete legacyGlobal.enableTray;
+    }
+
+    if (legacyGlobal?.openAtLogin != null) {
+      await helper.setToGlobal(OPEN_AT_LOGIN_KEY, legacyGlobal.openAtLogin);
+      updatedGlobal = true;
+      delete legacyGlobal.openAtLogin;
+    }
+
+    if (legacyGlobal?.alwaysShowDock != null) {
+      await helper.setToGlobal(ALWAYS_SHOW_DOCK_KEY, legacyGlobal.alwaysShowDock);
+      updatedGlobal = true;
+      delete legacyGlobal.alwaysShowDock;
+    }
+
+    if (legacyGlobal?.enableAlwaysOnTop != null) {
+      await helper.setToGlobal(ALWAYS_ON_TOP_KEY, legacyGlobal.enableAlwaysOnTop);
+      updatedGlobal = true;
+      delete legacyGlobal.enableAlwaysOnTop;
+    }
+
+    if (updatedGlobal) {
+      await helper.set("global", legacyGlobal);
+    }
+
+    async function migrateAccount(userId: string, account: ExpectedAccountType) {
+      // We only migrate the global setting for this, if we find it on the account object
+      // just delete it.
+      if (account?.settings?.enableAlwaysOnTop != null) {
+        delete account.settings.enableAlwaysOnTop;
+        await helper.set(userId, account);
+      }
+    }
+
+    const accounts = await helper.getAccounts<ExpectedAccountType>();
+    await Promise.all(accounts.map(({ userId, account }) => migrateAccount(userId, account)));
+  }
+
+  rollback(helper: MigrationHelper): Promise<void> {
+    throw IRREVERSIBLE;
+  }
+}
diff --git a/libs/common/src/state-migrations/migrations/48-move-ddg-to-state-provider.spec.ts b/libs/common/src/state-migrations/migrations/48-move-ddg-to-state-provider.spec.ts
new file mode 100644
index 0000000000..6b6ebffb58
--- /dev/null
+++ b/libs/common/src/state-migrations/migrations/48-move-ddg-to-state-provider.spec.ts
@@ -0,0 +1,47 @@
+import { runMigrator } from "../migration-helper.spec";
+
+import { MoveDdgToStateProviderMigrator } from "./48-move-ddg-to-state-provider";
+
+describe("MoveDdgToStateProviderMigrator", () => {
+  const migrator = new MoveDdgToStateProviderMigrator(47, 48);
+
+  it("migrate", async () => {
+    const output = await runMigrator(migrator, {
+      global: {
+        enableDuckDuckGoBrowserIntegration: true,
+        otherStuff: "otherStuff1",
+      },
+      otherStuff: "otherStuff2",
+    });
+
+    expect(output).toEqual({
+      global_autofillSettings_enableDuckDuckGoBrowserIntegration: true,
+      global: {
+        otherStuff: "otherStuff1",
+      },
+      otherStuff: "otherStuff2",
+    });
+  });
+
+  it("rollback", async () => {
+    const output = await runMigrator(
+      migrator,
+      {
+        global_autofillSettings_enableDuckDuckGoBrowserIntegration: true,
+        global: {
+          otherStuff: "otherStuff1",
+        },
+        otherStuff: "otherStuff2",
+      },
+      "rollback",
+    );
+
+    expect(output).toEqual({
+      global: {
+        enableDuckDuckGoBrowserIntegration: true,
+        otherStuff: "otherStuff1",
+      },
+      otherStuff: "otherStuff2",
+    });
+  });
+});
diff --git a/libs/common/src/state-migrations/migrations/48-move-ddg-to-state-provider.ts b/libs/common/src/state-migrations/migrations/48-move-ddg-to-state-provider.ts
new file mode 100644
index 0000000000..51676c1d7b
--- /dev/null
+++ b/libs/common/src/state-migrations/migrations/48-move-ddg-to-state-provider.ts
@@ -0,0 +1,40 @@
+import { KeyDefinitionLike, MigrationHelper } from "../migration-helper";
+import { Migrator } from "../migrator";
+
+type ExpectedGlobal = {
+  enableDuckDuckGoBrowserIntegration?: boolean;
+};
+
+export const DDG_KEY: KeyDefinitionLike = {
+  key: "enableDuckDuckGoBrowserIntegration",
+  stateDefinition: {
+    name: "autofillSettings",
+  },
+};
+
+export class MoveDdgToStateProviderMigrator extends Migrator<47, 48> {
+  async migrate(helper: MigrationHelper): Promise<void> {
+    // global state
+    const global = await helper.get<ExpectedGlobal>("global");
+    if (global?.enableDuckDuckGoBrowserIntegration == null) {
+      return;
+    }
+
+    await helper.setToGlobal(DDG_KEY, global.enableDuckDuckGoBrowserIntegration);
+    delete global.enableDuckDuckGoBrowserIntegration;
+    await helper.set("global", global);
+  }
+
+  async rollback(helper: MigrationHelper): Promise<void> {
+    const enableDdg = await helper.getFromGlobal<boolean>(DDG_KEY);
+
+    if (!enableDdg) {
+      return;
+    }
+
+    const global = (await helper.get<ExpectedGlobal>("global")) ?? {};
+    global.enableDuckDuckGoBrowserIntegration = enableDdg;
+    await helper.set("global", global);
+    await helper.removeFromGlobal(DDG_KEY);
+  }
+}
diff --git a/libs/common/src/state-migrations/migrations/49-move-account-server-configs.spec.ts b/libs/common/src/state-migrations/migrations/49-move-account-server-configs.spec.ts
new file mode 100644
index 0000000000..4533a754b6
--- /dev/null
+++ b/libs/common/src/state-migrations/migrations/49-move-account-server-configs.spec.ts
@@ -0,0 +1,112 @@
+import { runMigrator } from "../migration-helper.spec";
+
+import { AccountServerConfigMigrator } from "./49-move-account-server-configs";
+
+describe("AccountServerConfigMigrator", () => {
+  const migrator = new AccountServerConfigMigrator(48, 49);
+
+  describe("all data", () => {
+    function toMigrate() {
+      return {
+        authenticatedAccounts: ["user1", "user2"],
+        user1: {
+          settings: {
+            serverConfig: {
+              config: "user1 server config",
+            },
+          },
+        },
+        user2: {
+          settings: {
+            serverConfig: {
+              config: "user2 server config",
+            },
+          },
+        },
+      };
+    }
+
+    function migrated() {
+      return {
+        authenticatedAccounts: ["user1", "user2"],
+
+        user1: {
+          settings: {},
+        },
+        user2: {
+          settings: {},
+        },
+        user_user1_config_serverConfig: {
+          config: "user1 server config",
+        },
+        user_user2_config_serverConfig: {
+          config: "user2 server config",
+        },
+      };
+    }
+
+    function rolledBack(previous: object) {
+      return {
+        ...previous,
+        user_user1_config_serverConfig: null as unknown,
+        user_user2_config_serverConfig: null as unknown,
+      };
+    }
+
+    it("migrates", async () => {
+      const output = await runMigrator(migrator, toMigrate(), "migrate");
+      expect(output).toEqual(migrated());
+    });
+
+    it("rolls back", async () => {
+      const output = await runMigrator(migrator, migrated(), "rollback");
+      expect(output).toEqual(rolledBack(toMigrate()));
+    });
+  });
+
+  describe("missing parts", () => {
+    function toMigrate() {
+      return {
+        authenticatedAccounts: ["user1", "user2"],
+        user1: {
+          settings: {
+            serverConfig: {
+              config: "user1 server config",
+            },
+          },
+        },
+        user2: null as unknown,
+      };
+    }
+
+    function migrated() {
+      return {
+        authenticatedAccounts: ["user1", "user2"],
+        user1: {
+          settings: {},
+        },
+        user2: null as unknown,
+        user_user1_config_serverConfig: {
+          config: "user1 server config",
+        },
+      };
+    }
+
+    function rollback(previous: object) {
+      return {
+        ...previous,
+        user_user1_config_serverConfig: null as unknown,
+      };
+    }
+
+    it("migrates", async () => {
+      const output = await runMigrator(migrator, toMigrate(), "migrate");
+      expect(output).toEqual(migrated());
+    });
+
+    it("rolls back", async () => {
+      const output = await runMigrator(migrator, migrated(), "rollback");
+      expect(output).toEqual(rollback(toMigrate()));
+    });
+  });
+});
diff --git a/libs/common/src/state-migrations/migrations/49-move-account-server-configs.ts b/libs/common/src/state-migrations/migrations/49-move-account-server-configs.ts
new file mode 100644
index 0000000000..8cc25a322d
--- /dev/null
+++ b/libs/common/src/state-migrations/migrations/49-move-account-server-configs.ts
@@ -0,0 +1,51 @@
+import { KeyDefinitionLike, MigrationHelper, StateDefinitionLike } from "../migration-helper";
+import { Migrator } from "../migrator";
+
+const CONFIG_DISK: StateDefinitionLike = { name: "config" };
+export const USER_SERVER_CONFIG: KeyDefinitionLike = {
+  stateDefinition: CONFIG_DISK,
+  key: "serverConfig",
+};
+
+// Note: no need to migrate global configs, they don't currently exist
+
+type ExpectedAccountType = {
+  settings?: {
+    serverConfig?: unknown;
+  };
+};
+
+export class AccountServerConfigMigrator extends Migrator<48, 49> {
+  async migrate(helper: MigrationHelper): Promise<void> {
+    const accounts = await helper.getAccounts<ExpectedAccountType>();
+
+    async function migrateAccount(userId: string, account: ExpectedAccountType): Promise<void> {
+      if (account?.settings?.serverConfig != null) {
+        await helper.setToUser(userId, USER_SERVER_CONFIG, account.settings.serverConfig);
+        delete account.settings.serverConfig;
+        await helper.set(userId, account);
+      }
+    }
+
+    await Promise.all([...accounts.map(({ userId, account }) => migrateAccount(userId, account))]);
+  }
+
+  async rollback(helper: MigrationHelper): Promise<void> {
+    const accounts = await helper.getAccounts<ExpectedAccountType>();
+
+    async function rollbackAccount(userId: string, account: ExpectedAccountType): Promise<void> {
+      const serverConfig = await helper.getFromUser(userId, USER_SERVER_CONFIG);
+
+      if (serverConfig) {
+        account ??= {};
+        account.settings ??= {};
+
+        account.settings.serverConfig = serverConfig;
+        await helper.setToUser(userId, USER_SERVER_CONFIG, null);
+        await helper.set(userId, account);
+      }
+    }
+
+    await Promise.all([...accounts.map(({ userId, account }) => rollbackAccount(userId, account))]);
+  }
+}
diff --git a/libs/common/src/state-migrations/migrations/50-move-key-connector-to-state-provider.spec.ts b/libs/common/src/state-migrations/migrations/50-move-key-connector-to-state-provider.spec.ts
new file mode 100644
index 0000000000..2b96080821
--- /dev/null
+++ b/libs/common/src/state-migrations/migrations/50-move-key-connector-to-state-provider.spec.ts
@@ -0,0 +1,174 @@
+import { MockProxy } from "jest-mock-extended";
+
+import { KeyDefinitionLike, MigrationHelper } from "../migration-helper";
+import { mockMigrationHelper } from "../migration-helper.spec";
+
+import { KeyConnectorMigrator } from "./50-move-key-connector-to-state-provider";
+
+function exampleJSON() {
+  return {
+    global: {
+      otherStuff: "otherStuff1",
+    },
+    authenticatedAccounts: ["FirstAccount", "SecondAccount", "ThirdAccount"],
+    FirstAccount: {
+      profile: {
+        usesKeyConnector: true,
+        convertAccountToKeyConnector: false,
+        otherStuff: "otherStuff2",
+      },
+      otherStuff: "otherStuff3",
+    },
+    SecondAccount: {
+      profile: {
+        usesKeyConnector: true,
+        convertAccountToKeyConnector: true,
+        otherStuff: "otherStuff4",
+      },
+      otherStuff: "otherStuff5",
+    },
+  };
+}
+
+function rollbackJSON() {
+  return {
+    user_FirstAccount_keyConnector_usesKeyConnector: true,
+    user_FirstAccount_keyConnector_convertAccountToKeyConnector: false,
+    user_SecondAccount_keyConnector_usesKeyConnector: true,
+    user_SecondAccount_keyConnector_convertAccountToKeyConnector: true,
+    global: {
+      otherStuff: "otherStuff1",
+    },
+    authenticatedAccounts: ["FirstAccount", "SecondAccount", "ThirdAccount"],
+    FirstAccount: {
+      profile: {
+        otherStuff: "otherStuff2",
+      },
+      otherStuff: "otherStuff3",
+    },
+    SecondAccount: {
+      profile: {
+        otherStuff: "otherStuff4",
+      },
+      otherStuff: "otherStuff5",
+    },
+  };
+}
+
+const usesKeyConnectorKeyDefinition: KeyDefinitionLike = {
+  key: "usesKeyConnector",
+  stateDefinition: {
+    name: "keyConnector",
+  },
+};
+
+const convertAccountToKeyConnectorKeyDefinition: KeyDefinitionLike = {
+  key: "convertAccountToKeyConnector",
+  stateDefinition: {
+    name: "keyConnector",
+  },
+};
+
+describe("KeyConnectorMigrator", () => {
+  let helper: MockProxy<MigrationHelper>;
+  let sut: KeyConnectorMigrator;
+
+  describe("migrate", () => {
+    beforeEach(() => {
+      helper = mockMigrationHelper(exampleJSON(), 50);
+      sut = new KeyConnectorMigrator(49, 50);
+    });
+
+    it("should remove usesKeyConnector and convertAccountToKeyConnector from Profile", async () => {
+      await sut.migrate(helper);
+
+      // Set is called 2 times even though there are 3 accounts. Since the target properties don't exist in ThirdAccount, they are not set.
+      expect(helper.set).toHaveBeenCalledTimes(2);
+      expect(helper.set).toHaveBeenCalledWith("FirstAccount", {
+        profile: {
+          otherStuff: "otherStuff2",
+        },
+        otherStuff: "otherStuff3",
+      });
+      expect(helper.setToUser).toHaveBeenCalledWith(
+        "FirstAccount",
+        usesKeyConnectorKeyDefinition,
+        true,
+      );
+      expect(helper.setToUser).toHaveBeenCalledWith(
+        "FirstAccount",
+        convertAccountToKeyConnectorKeyDefinition,
+        false,
+      );
+      expect(helper.set).toHaveBeenCalledWith("SecondAccount", {
+        profile: {
+          otherStuff: "otherStuff4",
+        },
+        otherStuff: "otherStuff5",
+      });
+      expect(helper.setToUser).toHaveBeenCalledWith(
+        "SecondAccount",
+        usesKeyConnectorKeyDefinition,
+        true,
+      );
+      expect(helper.setToUser).toHaveBeenCalledWith(
+        "SecondAccount",
+        convertAccountToKeyConnectorKeyDefinition,
+        true,
+      );
+      expect(helper.setToUser).not.toHaveBeenCalledWith("ThirdAccount");
+    });
+  });
+
+  describe("rollback", () => {
+    beforeEach(() => {
+      helper = mockMigrationHelper(rollbackJSON(), 50);
+      sut = new KeyConnectorMigrator(49, 50);
+    });
+
+    it("should null out new usesKeyConnector global value", async () => {
+      await sut.rollback(helper);
+
+      expect(helper.setToUser).toHaveBeenCalledTimes(4);
+      expect(helper.set).toHaveBeenCalledTimes(2);
+      expect(helper.setToUser).toHaveBeenCalledWith(
+        "FirstAccount",
+        usesKeyConnectorKeyDefinition,
+        null,
+      );
+      expect(helper.setToUser).toHaveBeenCalledWith(
+        "FirstAccount",
+        convertAccountToKeyConnectorKeyDefinition,
+        null,
+      );
+      expect(helper.set).toHaveBeenCalledWith("FirstAccount", {
+        profile: {
+          usesKeyConnector: true,
+          convertAccountToKeyConnector: false,
+          otherStuff: "otherStuff2",
+        },
+        otherStuff: "otherStuff3",
+      });
+      expect(helper.setToUser).toHaveBeenCalledWith(
+        "SecondAccount",
+        usesKeyConnectorKeyDefinition,
+        null,
+      );
+      expect(helper.setToUser).toHaveBeenCalledWith(
+        "SecondAccount",
+        convertAccountToKeyConnectorKeyDefinition,
+        null,
+      );
+      expect(helper.set).toHaveBeenCalledWith("SecondAccount", {
+        profile: {
+          usesKeyConnector: true,
+          convertAccountToKeyConnector: true,
+          otherStuff: "otherStuff4",
+        },
+        otherStuff: "otherStuff5",
+      });
+      expect(helper.setToUser).not.toHaveBeenCalledWith("ThirdAccount");
+      expect(helper.set).not.toHaveBeenCalledWith("ThirdAccount");
+    });
+  });
+});
diff --git a/libs/common/src/state-migrations/migrations/50-move-key-connector-to-state-provider.ts b/libs/common/src/state-migrations/migrations/50-move-key-connector-to-state-provider.ts
new file mode 100644
index 0000000000..0deb7d5e2c
--- /dev/null
+++ b/libs/common/src/state-migrations/migrations/50-move-key-connector-to-state-provider.ts
@@ -0,0 +1,78 @@
+import { KeyDefinitionLike, MigrationHelper } from "../migration-helper";
+import { Migrator } from "../migrator";
+
+type ExpectedAccountType = {
+  profile?: {
+    usesKeyConnector?: boolean;
+    convertAccountToKeyConnector?: boolean;
+  };
+};
+
+const usesKeyConnectorKeyDefinition: KeyDefinitionLike = {
+  key: "usesKeyConnector",
+  stateDefinition: {
+    name: "keyConnector",
+  },
+};
+
+const convertAccountToKeyConnectorKeyDefinition: KeyDefinitionLike = {
+  key: "convertAccountToKeyConnector",
+  stateDefinition: {
+    name: "keyConnector",
+  },
+};
+
+export class KeyConnectorMigrator extends Migrator<49, 50> {
+  async migrate(helper: MigrationHelper): Promise<void> {
+    const accounts = await helper.getAccounts<ExpectedAccountType>();
+    async function migrateAccount(userId: string, account: ExpectedAccountType): Promise<void> {
+      const usesKeyConnector = account?.profile?.usesKeyConnector;
+      const convertAccountToKeyConnector = account?.profile?.convertAccountToKeyConnector;
+      if (usesKeyConnector == null && convertAccountToKeyConnector == null) {
+        return;
+      }
+      if (usesKeyConnector != null) {
+        await helper.setToUser(userId, usesKeyConnectorKeyDefinition, usesKeyConnector);
+        delete account.profile.usesKeyConnector;
+      }
+      if (convertAccountToKeyConnector != null) {
+        await helper.setToUser(
+          userId,
+          convertAccountToKeyConnectorKeyDefinition,
+          convertAccountToKeyConnector,
+        );
+        delete account.profile.convertAccountToKeyConnector;
+      }
+      await helper.set(userId, account);
+    }
+    await Promise.all([...accounts.map(({ userId, account }) => migrateAccount(userId, account))]);
+  }
+
+  async rollback(helper: MigrationHelper): Promise<void> {
+    const accounts = await helper.getAccounts<ExpectedAccountType>();
+    async function rollbackAccount(userId: string, account: ExpectedAccountType): Promise<void> {
+      const usesKeyConnector: boolean = await helper.getFromUser(
+        userId,
+        usesKeyConnectorKeyDefinition,
+      );
+      const convertAccountToKeyConnector: boolean = await helper.getFromUser(
+        userId,
+        convertAccountToKeyConnectorKeyDefinition,
+      );
+      if (usesKeyConnector == null && convertAccountToKeyConnector == null) {
+        return;
+      }
+      if (usesKeyConnector != null) {
+        account.profile.usesKeyConnector = usesKeyConnector;
+        await helper.setToUser(userId, usesKeyConnectorKeyDefinition, null);
+      }
+      if (convertAccountToKeyConnector != null) {
+        account.profile.convertAccountToKeyConnector = convertAccountToKeyConnector;
+        await helper.setToUser(userId, convertAccountToKeyConnectorKeyDefinition, null);
+      }
+      await helper.set(userId, account);
+    }
+
+    await Promise.all([...accounts.map(({ userId, account }) => rollbackAccount(userId, account))]);
+  }
+}
diff --git a/libs/common/src/state-migrations/migrations/51-move-remembered-email-to-state-providers.spec.ts b/libs/common/src/state-migrations/migrations/51-move-remembered-email-to-state-providers.spec.ts
new file mode 100644
index 0000000000..f36b5842aa
--- /dev/null
+++ b/libs/common/src/state-migrations/migrations/51-move-remembered-email-to-state-providers.spec.ts
@@ -0,0 +1,81 @@
+import { MockProxy } from "jest-mock-extended";
+
+import { MigrationHelper } from "../migration-helper";
+import { mockMigrationHelper, runMigrator } from "../migration-helper.spec";
+
+import { RememberedEmailMigrator } from "./51-move-remembered-email-to-state-providers";
+
+function rollbackJSON() {
+  return {
+    global: {
+      extra: "data",
+    },
+    global_loginEmail_storedEmail: "user@example.com",
+  };
+}
+
+describe("RememberedEmailMigrator", () => {
+  const migrator = new RememberedEmailMigrator(50, 51);
+
+  describe("migrate", () => {
+    it("should migrate the rememberedEmail property from the legacy global object to a global StorageKey as 'global_loginEmail_storedEmail'", async () => {
+      const output = await runMigrator(migrator, {
+        global: {
+          rememberedEmail: "user@example.com",
+          extra: "data", // Represents a global property that should persist after migration
+        },
+      });
+
+      expect(output).toEqual({
+        global: {
+          extra: "data",
+        },
+        global_loginEmail_storedEmail: "user@example.com",
+      });
+    });
+
+    it("should remove the rememberedEmail property from the legacy global object", async () => {
+      const output = await runMigrator(migrator, {
+        global: {
+          rememberedEmail: "user@example.com",
+        },
+      });
+
+      expect(output.global).not.toHaveProperty("rememberedEmail");
+    });
+  });
+
+  describe("rollback", () => {
+    let helper: MockProxy<MigrationHelper>;
+    let sut: RememberedEmailMigrator;
+
+    const keyDefinitionLike = {
+      key: "storedEmail",
+      stateDefinition: {
+        name: "loginEmail",
+      },
+    };
+
+    beforeEach(() => {
+      helper = mockMigrationHelper(rollbackJSON(), 51);
+      sut = new RememberedEmailMigrator(50, 51);
+    });
+
+    it("should null out the storedEmail global StorageKey", async () => {
+      await sut.rollback(helper);
+
+      expect(helper.setToGlobal).toHaveBeenCalledTimes(1);
+      expect(helper.setToGlobal).toHaveBeenCalledWith(keyDefinitionLike, null);
+    });
+
+    it("should add the rememberedEmail property back to legacy global object", async () => {
+      await sut.rollback(helper);
+
+      expect(helper.set).toHaveBeenCalledTimes(1);
+      expect(helper.set).toHaveBeenCalledWith("global", {
+        rememberedEmail: "user@example.com",
+        extra: "data",
+      });
+    });
+  });
+});
diff --git a/libs/common/src/state-migrations/migrations/51-move-remembered-email-to-state-providers.ts b/libs/common/src/state-migrations/migrations/51-move-remembered-email-to-state-providers.ts
new file mode 100644
index 0000000000..b2b0818719
--- /dev/null
+++ b/libs/common/src/state-migrations/migrations/51-move-remembered-email-to-state-providers.ts
@@ -0,0 +1,46 @@
+import { KeyDefinitionLike, MigrationHelper, StateDefinitionLike } from "../migration-helper";
+import { Migrator } from "../migrator";
+
+type ExpectedGlobalState = { rememberedEmail?: string };
+
+const LOGIN_EMAIL_STATE: StateDefinitionLike = { name: "loginEmail" };
+
+const STORED_EMAIL: KeyDefinitionLike = {
+  key: "storedEmail",
+  stateDefinition: LOGIN_EMAIL_STATE,
+};
+
+export class RememberedEmailMigrator extends Migrator<50, 51> {
+  async migrate(helper: MigrationHelper): Promise<void> {
+    const legacyGlobal = await helper.get<ExpectedGlobalState>("global");
+
+    // Move global data
+    if (legacyGlobal?.rememberedEmail != null) {
+      await helper.setToGlobal(STORED_EMAIL, legacyGlobal.rememberedEmail);
+    }
+
+    // Delete legacy global data
+    delete legacyGlobal?.rememberedEmail;
+    await helper.set("global", legacyGlobal);
+  }
+
+  async rollback(helper: MigrationHelper): Promise<void> {
+    let legacyGlobal = await helper.get<ExpectedGlobalState>("global");
+    let updatedLegacyGlobal = false;
+    const globalStoredEmail = await helper.getFromGlobal<string>(STORED_EMAIL);
+
+    if (globalStoredEmail) {
+      if (!legacyGlobal) {
+        legacyGlobal = {};
+      }
+
+      updatedLegacyGlobal = true;
+      legacyGlobal.rememberedEmail = globalStoredEmail;
+      await helper.setToGlobal(STORED_EMAIL, null);
+    }
+
+    if (updatedLegacyGlobal) {
+      await helper.set("global", legacyGlobal);
+    }
+  }
+}
diff --git a/libs/common/src/state-migrations/migrations/52-delete-installed-version.spec.ts b/libs/common/src/state-migrations/migrations/52-delete-installed-version.spec.ts
new file mode 100644
index 0000000000..752f1297ff
--- /dev/null
+++ b/libs/common/src/state-migrations/migrations/52-delete-installed-version.spec.ts
@@ -0,0 +1,35 @@
+import { runMigrator } from "../migration-helper.spec";
+
+import { DeleteInstalledVersion } from "./52-delete-installed-version";
+
+describe("DeleteInstalledVersion", () => {
+  const sut = new DeleteInstalledVersion(51, 52);
+
+  describe("migrate", () => {
+    it("can delete data if there", async () => {
+      const output = await runMigrator(sut, {
+        authenticatedAccounts: ["user1"],
+        global: {
+          installedVersion: "2024.1.1",
+        },
+      });
+
+      expect(output).toEqual({
+        authenticatedAccounts: ["user1"],
+        global: {},
+      });
+    });
+
+    it("will run if installed version is not there", async () => {
+      const output = await runMigrator(sut, {
+        authenticatedAccounts: ["user1"],
+        global: {},
+      });
+
+      expect(output).toEqual({
+        authenticatedAccounts: ["user1"],
+        global: {},
+      });
+    });
+  });
+});
diff --git a/libs/common/src/state-migrations/migrations/52-delete-installed-version.ts b/libs/common/src/state-migrations/migrations/52-delete-installed-version.ts
new file mode 100644
index 0000000000..7eea0e587c
--- /dev/null
+++ b/libs/common/src/state-migrations/migrations/52-delete-installed-version.ts
@@ -0,0 +1,19 @@
+import { MigrationHelper } from "../migration-helper";
+import { IRREVERSIBLE, Migrator } from "../migrator";
+
+type ExpectedGlobal = {
+  installedVersion?: string;
+};
+
+export class DeleteInstalledVersion extends Migrator<51, 52> {
+  async migrate(helper: MigrationHelper): Promise<void> {
+    const legacyGlobal = await helper.get<ExpectedGlobal>("global");
+    if (legacyGlobal?.installedVersion != null) {
+      delete legacyGlobal.installedVersion;
+      await helper.set("global", legacyGlobal);
+    }
+  }
+  rollback(helper: MigrationHelper): Promise<void> {
+    throw IRREVERSIBLE;
+  }
+}
diff --git a/libs/common/src/state-migrations/migrations/53-migrate-device-trust-crypto-svc-to-state-providers.spec.ts b/libs/common/src/state-migrations/migrations/53-migrate-device-trust-crypto-svc-to-state-providers.spec.ts
new file mode 100644
index 0000000000..79366a4716
--- /dev/null
+++ b/libs/common/src/state-migrations/migrations/53-migrate-device-trust-crypto-svc-to-state-providers.spec.ts
@@ -0,0 +1,171 @@
+import { MockProxy, any } from "jest-mock-extended";
+
+import { MigrationHelper } from "../migration-helper";
+import { mockMigrationHelper } from "../migration-helper.spec";
+
+import {
+  DEVICE_KEY,
+  DeviceTrustCryptoServiceStateProviderMigrator,
+  SHOULD_TRUST_DEVICE,
+} from "./53-migrate-device-trust-crypto-svc-to-state-providers";
+
+// Represents data in state service pre-migration
+function preMigrationJson() {
+  return {
+    global: {
+      otherStuff: "otherStuff1",
+    },
+    authenticatedAccounts: ["user1", "user2", "user3"],
+    user1: {
+      keys: {
+        deviceKey: {
+          keyB64: "user1_deviceKey",
+        },
+        otherStuff: "overStuff2",
+      },
+      settings: {
+        trustDeviceChoiceForDecryption: true,
+        otherStuff: "overStuff3",
+      },
+      otherStuff: "otherStuff4",
+    },
+    user2: {
+      keys: {
+        // no device key
+        otherStuff: "otherStuff5",
+      },
+      settings: {
+        // no trust device choice
+        otherStuff: "overStuff6",
+      },
+      otherStuff: "otherStuff7",
+    },
+  };
+}
+
+function rollbackJSON() {
+  return {
+    // use pattern user_{userId}_{stateDefinitionName}_{keyDefinitionKey} for each user
+    // User1 migrated data
+    user_user1_deviceTrust_deviceKey: {
+      keyB64: "user1_deviceKey",
+    },
+    user_user1_deviceTrust_shouldTrustDevice: true,
+
+    // User2 does not have migrated data
+
+    global: {
+      otherStuff: "otherStuff1",
+    },
+    authenticatedAccounts: ["user1", "user2", "user3"],
+    user1: {
+      keys: {
+        otherStuff: "overStuff2",
+      },
+      settings: {
+        otherStuff: "overStuff3",
+      },
+      otherStuff: "otherStuff4",
+    },
+    user2: {
+      keys: {
+        otherStuff: "otherStuff5",
+      },
+      settings: {
+        otherStuff: "overStuff6",
+      },
+      otherStuff: "otherStuff6",
+    },
+  };
+}
+
+describe("DeviceTrustCryptoServiceStateProviderMigrator", () => {
+  let helper: MockProxy<MigrationHelper>;
+  let sut: DeviceTrustCryptoServiceStateProviderMigrator;
+
+  describe("migrate", () => {
+    beforeEach(() => {
+      helper = mockMigrationHelper(preMigrationJson(), 52);
+      sut = new DeviceTrustCryptoServiceStateProviderMigrator(52, 53);
+    });
+
+    // it should remove deviceKey and trustDeviceChoiceForDecryption from all accounts
+    it("should remove deviceKey and trustDeviceChoiceForDecryption from all accounts that have it", async () => {
+      await sut.migrate(helper);
+      expect(helper.set).toHaveBeenCalledWith("user1", {
+        keys: {
+          otherStuff: "overStuff2",
+        },
+        settings: {
+          otherStuff: "overStuff3",
+        },
+        otherStuff: "otherStuff4",
+      });
+
+      expect(helper.set).toHaveBeenCalledTimes(1);
+      expect(helper.set).not.toHaveBeenCalledWith("user2", any());
+      expect(helper.set).not.toHaveBeenCalledWith("user3", any());
+    });
+
+    it("should migrate deviceKey and trustDeviceChoiceForDecryption to state providers for accounts that have the data", async () => {
+      await sut.migrate(helper);
+
+      expect(helper.setToUser).toHaveBeenCalledWith("user1", DEVICE_KEY, {
+        keyB64: "user1_deviceKey",
+      });
+      expect(helper.setToUser).toHaveBeenCalledWith("user1", SHOULD_TRUST_DEVICE, true);
+
+      expect(helper.setToUser).not.toHaveBeenCalledWith("user2", DEVICE_KEY, any());
+      expect(helper.setToUser).not.toHaveBeenCalledWith("user2", SHOULD_TRUST_DEVICE, any());
+
+      expect(helper.setToUser).not.toHaveBeenCalledWith("user3", DEVICE_KEY, any());
+      expect(helper.setToUser).not.toHaveBeenCalledWith("user3", SHOULD_TRUST_DEVICE, any());
+    });
+  });
+
+  describe("rollback", () => {
+    beforeEach(() => {
+      helper = mockMigrationHelper(rollbackJSON(), 53);
+      sut = new DeviceTrustCryptoServiceStateProviderMigrator(52, 53);
+    });
+
+    it("should null out newly migrated entries in state provider framework", async () => {
+      await sut.rollback(helper);
+
+      expect(helper.setToUser).toHaveBeenCalledWith("user1", DEVICE_KEY, null);
+      expect(helper.setToUser).toHaveBeenCalledWith("user1", SHOULD_TRUST_DEVICE, null);
+
+      expect(helper.setToUser).toHaveBeenCalledWith("user2", DEVICE_KEY, null);
+      expect(helper.setToUser).toHaveBeenCalledWith("user2", SHOULD_TRUST_DEVICE, null);
+
+      expect(helper.setToUser).toHaveBeenCalledWith("user3", DEVICE_KEY, null);
+      expect(helper.setToUser).toHaveBeenCalledWith("user3", SHOULD_TRUST_DEVICE, null);
+    });
+
+    it("should add back deviceKey and trustDeviceChoiceForDecryption to all accounts", async () => {
+      await sut.rollback(helper);
+
+      expect(helper.set).toHaveBeenCalledWith("user1", {
+        keys: {
+          deviceKey: {
+            keyB64: "user1_deviceKey",
+          },
+          otherStuff: "overStuff2",
+        },
+        settings: {
+          trustDeviceChoiceForDecryption: true,
+          otherStuff: "overStuff3",
+        },
+        otherStuff: "otherStuff4",
+      });
+    });
+
+    it("should not add data back if data wasn't migrated or acct doesn't exist", async () => {
+      await sut.rollback(helper);
+
+      // no data to add back for user2 (acct exists but no migrated data) and user3 (no acct)
+      expect(helper.set).not.toHaveBeenCalledWith("user2", any());
+      expect(helper.set).not.toHaveBeenCalledWith("user3", any());
+    });
+  });
+});
diff --git a/libs/common/src/state-migrations/migrations/53-migrate-device-trust-crypto-svc-to-state-providers.ts b/libs/common/src/state-migrations/migrations/53-migrate-device-trust-crypto-svc-to-state-providers.ts
new file mode 100644
index 0000000000..e19c7b3fa5
--- /dev/null
+++ b/libs/common/src/state-migrations/migrations/53-migrate-device-trust-crypto-svc-to-state-providers.ts
@@ -0,0 +1,95 @@
+import { KeyDefinitionLike, MigrationHelper } from "../migration-helper";
+import { Migrator } from "../migrator";
+
+// Types to represent data as it is stored in JSON
+type DeviceKeyJsonType = {
+  keyB64: string;
+};
+
+type ExpectedAccountType = {
+  keys?: {
+    deviceKey?: DeviceKeyJsonType;
+  };
+  settings?: {
+    trustDeviceChoiceForDecryption?: boolean;
+  };
+};
+
+export const DEVICE_KEY: KeyDefinitionLike = {
+  key: "deviceKey", // matches KeyDefinition.key in DeviceTrustCryptoService
+  stateDefinition: {
+    name: "deviceTrust", // matches StateDefinition.name in StateDefinitions
+  },
+};
+
+export const SHOULD_TRUST_DEVICE: KeyDefinitionLike = {
+  key: "shouldTrustDevice",
+  stateDefinition: {
+    name: "deviceTrust",
+  },
+};
+
+export class DeviceTrustCryptoServiceStateProviderMigrator extends Migrator<52, 53> {
+  async migrate(helper: MigrationHelper): Promise<void> {
+    const accounts = await helper.getAccounts<ExpectedAccountType>();
+    async function migrateAccount(userId: string, account: ExpectedAccountType): Promise<void> {
+      let updatedAccount = false;
+
+      // Migrate deviceKey
+      const existingDeviceKey = account?.keys?.deviceKey;
+
+      if (existingDeviceKey != null) {
+        // Only migrate data that exists
+        await helper.setToUser(userId, DEVICE_KEY, existingDeviceKey);
+        delete account.keys.deviceKey;
+        updatedAccount = true;
+      }
+
+      // Migrate shouldTrustDevice
+      const existingShouldTrustDevice = account?.settings?.trustDeviceChoiceForDecryption;
+
+      if (existingShouldTrustDevice != null) {
+        await helper.setToUser(userId, SHOULD_TRUST_DEVICE, existingShouldTrustDevice);
+        delete account.settings.trustDeviceChoiceForDecryption;
+        updatedAccount = true;
+      }
+
+      if (updatedAccount) {
+        // Save the migrated account
+        await helper.set(userId, account);
+      }
+    }
+
+    await Promise.all([...accounts.map(({ userId, account }) => migrateAccount(userId, account))]);
+  }
+
+  async rollback(helper: MigrationHelper): Promise<void> {
+    const accounts = await helper.getAccounts<ExpectedAccountType>();
+    async function rollbackAccount(userId: string, account: ExpectedAccountType): Promise<void> {
+      // Rollback deviceKey
+      const migratedDeviceKey: DeviceKeyJsonType = await helper.getFromUser(userId, DEVICE_KEY);
+
+      if (account?.keys && migratedDeviceKey != null) {
+        account.keys.deviceKey = migratedDeviceKey;
+        await helper.set(userId, account);
+      }
+
+      await helper.setToUser(userId, DEVICE_KEY, null);
+
+      // Rollback shouldTrustDevice
+      const migratedShouldTrustDevice = await helper.getFromUser<boolean>(
+        userId,
+        SHOULD_TRUST_DEVICE,
+      );
+
+      if (account?.settings && migratedShouldTrustDevice != null) {
+        account.settings.trustDeviceChoiceForDecryption = migratedShouldTrustDevice;
+        await helper.set(userId, account);
+      }
+
+      await helper.setToUser(userId, SHOULD_TRUST_DEVICE, null);
+    }
+
+    await Promise.all([...accounts.map(({ userId, account }) => rollbackAccount(userId, account))]);
+  }
+}
diff --git a/libs/common/src/state-migrations/migrations/44-move-local-data-to-state-provider.spec.ts b/libs/common/src/state-migrations/migrations/54-move-local-data-to-state-provider.spec.ts
similarity index 90%
rename from libs/common/src/state-migrations/migrations/44-move-local-data-to-state-provider.spec.ts
rename to libs/common/src/state-migrations/migrations/54-move-local-data-to-state-provider.spec.ts
index 9745002045..5446c12ebe 100644
--- a/libs/common/src/state-migrations/migrations/44-move-local-data-to-state-provider.spec.ts
+++ b/libs/common/src/state-migrations/migrations/54-move-local-data-to-state-provider.spec.ts
@@ -3,7 +3,7 @@ import { MockProxy } from "jest-mock-extended";
 import { MigrationHelper } from "../migration-helper";
 import { mockMigrationHelper } from "../migration-helper.spec";
 
-import { LocalDataMigrator } from "./44-move-local-data-to-state-provider";
+import { LocalDataMigrator } from "./54-move-local-data-to-state-provider";
 
 function exampleJSON() {
   return {
@@ -80,8 +80,8 @@ describe("LocalDataMigrator", () => {
 
   describe("migrate", () => {
     beforeEach(() => {
-      helper = mockMigrationHelper(exampleJSON(), 44);
-      sut = new LocalDataMigrator(43, 44);
+      helper = mockMigrationHelper(exampleJSON(), 54);
+      sut = new LocalDataMigrator(53, 54);
     });
 
     it("should remove local data from all accounts", async () => {
@@ -105,8 +105,8 @@ describe("LocalDataMigrator", () => {
 
   describe("rollback", () => {
     beforeEach(() => {
-      helper = mockMigrationHelper(rollbackJSON(), 44);
-      sut = new LocalDataMigrator(43, 44);
+      helper = mockMigrationHelper(rollbackJSON(), 54);
+      sut = new LocalDataMigrator(53, 54);
     });
 
     it.each(["user-1", "user-2"])("should null out new values", async (userId) => {
diff --git a/libs/common/src/state-migrations/migrations/44-move-local-data-to-state-provider.ts b/libs/common/src/state-migrations/migrations/54-move-local-data-to-state-provider.ts
similarity index 96%
rename from libs/common/src/state-migrations/migrations/44-move-local-data-to-state-provider.ts
rename to libs/common/src/state-migrations/migrations/54-move-local-data-to-state-provider.ts
index aefa920ea5..d695fcc6c2 100644
--- a/libs/common/src/state-migrations/migrations/44-move-local-data-to-state-provider.ts
+++ b/libs/common/src/state-migrations/migrations/54-move-local-data-to-state-provider.ts
@@ -17,7 +17,7 @@ const CIPHERS_DISK: KeyDefinitionLike = {
   },
 };
 
-export class LocalDataMigrator extends Migrator<43, 44> {
+export class LocalDataMigrator extends Migrator<53, 54> {
   async migrate(helper: MigrationHelper): Promise<void> {
     const accounts = await helper.getAccounts<ExpectedAccountType>();
     async function migrateAccount(userId: string, account: ExpectedAccountType): Promise<void> {
diff --git a/libs/common/src/state-migrations/migrator.spec.ts b/libs/common/src/state-migrations/migrator.spec.ts
index 3abaa27727..d1189c25ea 100644
--- a/libs/common/src/state-migrations/migrator.spec.ts
+++ b/libs/common/src/state-migrations/migrator.spec.ts
@@ -26,7 +26,7 @@ describe("migrator default methods", () => {
   beforeEach(() => {
     storage = mock();
     logService = mock();
-    helper = new MigrationHelper(0, storage, logService);
+    helper = new MigrationHelper(0, storage, logService, "general");
     sut = new TestMigrator(0, 1);
   });
 
diff --git a/libs/common/src/tools/generator/abstractions/generator-history.abstraction.ts b/libs/common/src/tools/generator/abstractions/generator-history.abstraction.ts
new file mode 100644
index 0000000000..edda0dcb2b
--- /dev/null
+++ b/libs/common/src/tools/generator/abstractions/generator-history.abstraction.ts
@@ -0,0 +1,47 @@
+import { Observable } from "rxjs";
+
+import { UserId } from "../../../types/guid";
+import { GeneratedCredential, GeneratorCategory } from "../history";
+
+/** Tracks the history of password generations.
+ *  Each user gets their own store.
+ */
+export abstract class GeneratorHistoryService {
+  /** Tracks a new credential. When an item with the same `credential` value
+   *  is found, this method does nothing. When the total number of items exceeds
+   *  {@link HistoryServiceOptions.maxTotal}, then the oldest items exceeding the total
+   *  are deleted.
+   *  @param userId identifies the user storing the credential.
+   *  @param credential stored by the history service.
+   *  @param date when the credential was generated. If this is omitted, then the generator
+   *    uses the date the credential was added to the store instead.
+   *  @returns a promise that completes with the added credential. If the credential
+   *    wasn't added, then the promise completes with `null`.
+   *  @remarks this service is not suitable for use with vault items/ciphers. It models only
+   *    a history of an individually generated credential, while a vault item's history
+   *    may contain several credentials that are better modelled as atomic versions of the
+   *    vault item itself.
+   */
+  track: (
+    userId: UserId,
+    credential: string,
+    category: GeneratorCategory,
+    date?: Date,
+  ) => Promise<GeneratedCredential | null>;
+
+  /** Removes a matching credential from the history service.
+   *  @param userId identifies the user taking the credential.
+   *  @param credential to match in the history service.
+   *  @returns A promise that completes with the credential read. If the credential wasn't found,
+   *    the promise completes with null.
+   *  @remarks this can be used to extract an entry when a credential is stored in the vault.
+   */
+  take: (userId: UserId, credential: string) => Promise<GeneratedCredential | null>;
+
+  /** Lists all credentials for a user.
+   *  @param userId identifies the user listing the credential.
+   *  @remarks This field is eventually consistent with `track` and `take` operations.
+   *    It is not guaranteed to immediately reflect those changes.
+   */
+  credentials$: (userId: UserId) => Observable<GeneratedCredential[]>;
+}
diff --git a/libs/common/src/tools/generator/abstractions/generator-strategy.abstraction.ts b/libs/common/src/tools/generator/abstractions/generator-strategy.abstraction.ts
index f11c1d7300..eda02f7cdc 100644
--- a/libs/common/src/tools/generator/abstractions/generator-strategy.abstraction.ts
+++ b/libs/common/src/tools/generator/abstractions/generator-strategy.abstraction.ts
@@ -1,3 +1,5 @@
+import { Observable } from "rxjs";
+
 import { PolicyType } from "../../../admin-console/enums";
 // FIXME: use index.ts imports once policy abstractions and models
 // implement ADR-0002
@@ -21,13 +23,16 @@ export abstract class GeneratorStrategy<Options, Policy> {
   /** Length of time in milliseconds to cache the evaluator */
   cache_ms: number;
 
-  /** Creates an evaluator from a generator policy.
+  /** Operator function that converts a policy collection observable to a single
+   *   policy evaluator observable.
    * @param policy The policy being evaluated.
    * @returns the policy evaluator. If `policy` is is `null` or `undefined`,
    * then the evaluator defaults to the application's limits.
    * @throws when the policy's type does not match the generator's policy type.
    */
-  evaluator: (policy: AdminPolicy) => PolicyEvaluator<Policy, Options>;
+  toEvaluator: () => (
+    source: Observable<AdminPolicy[]>,
+  ) => Observable<PolicyEvaluator<Policy, Options>>;
 
   /** Generates credentials from the given options.
    * @param options The options used to generate the credentials.
diff --git a/libs/common/src/tools/generator/default-generator.service.spec.ts b/libs/common/src/tools/generator/default-generator.service.spec.ts
index 84b8ff4530..53a46c4963 100644
--- a/libs/common/src/tools/generator/default-generator.service.spec.ts
+++ b/libs/common/src/tools/generator/default-generator.service.spec.ts
@@ -4,7 +4,7 @@
  */
 
 import { mock } from "jest-mock-extended";
-import { BehaviorSubject, firstValueFrom } from "rxjs";
+import { BehaviorSubject, firstValueFrom, map, pipe } from "rxjs";
 
 import { FakeSingleUserState, awaitAsync } from "../../../spec";
 import { PolicyService } from "../../admin-console/abstractions/policy/policy.service.abstraction";
@@ -20,12 +20,12 @@ import { PasswordGenerationOptions } from "./password";
 
 import { DefaultGeneratorService } from ".";
 
-function mockPolicyService(config?: { state?: BehaviorSubject<Policy> }) {
+function mockPolicyService(config?: { state?: BehaviorSubject<Policy[]> }) {
   const service = mock<PolicyService>();
 
   // FIXME: swap out the mock return value when `getAll$` becomes available
-  const stateValue = config?.state ?? new BehaviorSubject<Policy>(null);
-  service.get$.mockReturnValue(stateValue);
+  const stateValue = config?.state ?? new BehaviorSubject<Policy[]>([null]);
+  service.getAll$.mockReturnValue(stateValue);
 
   // const stateValue = config?.state ?? new BehaviorSubject<Policy[]>(null);
   // service.getAll$.mockReturnValue(stateValue);
@@ -46,7 +46,9 @@ function mockGeneratorStrategy(config?: {
     // the value from `config`.
     durableState: jest.fn(() => durableState),
     policy: config?.policy ?? PolicyType.DisableSend,
-    evaluator: jest.fn(() => config?.evaluator ?? mock<PolicyEvaluator<any, any>>()),
+    toEvaluator: jest.fn(() =>
+      pipe(map(() => config?.evaluator ?? mock<PolicyEvaluator<any, any>>())),
+    ),
   });
 
   return strategy;
@@ -94,9 +96,7 @@ describe("Password generator service", () => {
 
       await firstValueFrom(service.evaluator$(SomeUser));
 
-      // FIXME: swap out the expect when `getAll$` becomes available
-      expect(policy.get$).toHaveBeenCalledWith(PolicyType.PasswordGenerator);
-      //expect(policy.getAll$).toHaveBeenCalledWith(PolicyType.PasswordGenerator, SomeUser);
+      expect(policy.getAll$).toHaveBeenCalledWith(PolicyType.PasswordGenerator, SomeUser);
     });
 
     it("should map the policy using the generation strategy", async () => {
@@ -112,21 +112,22 @@ describe("Password generator service", () => {
 
     it("should update the evaluator when the password generator policy changes", async () => {
       // set up dependencies
-      const state = new BehaviorSubject<Policy>(null);
+      const state = new BehaviorSubject<Policy[]>([null]);
       const policy = mockPolicyService({ state });
       const strategy = mockGeneratorStrategy();
       const service = new DefaultGeneratorService(strategy, policy);
 
-      // model responses for the observable update
+      // model responses for the observable update. The map is called multiple times,
+      // and the array shift ensures reference equality is maintained.
       const firstEvaluator = mock<PolicyEvaluator<any, any>>();
-      strategy.evaluator.mockReturnValueOnce(firstEvaluator);
       const secondEvaluator = mock<PolicyEvaluator<any, any>>();
-      strategy.evaluator.mockReturnValueOnce(secondEvaluator);
+      const evaluators = [firstEvaluator, secondEvaluator];
+      strategy.toEvaluator.mockReturnValueOnce(pipe(map(() => evaluators.shift())));
 
       // act
       const evaluator$ = service.evaluator$(SomeUser);
       const firstResult = await firstValueFrom(evaluator$);
-      state.next(null);
+      state.next([null]);
       const secondResult = await firstValueFrom(evaluator$);
 
       // assert
@@ -142,9 +143,7 @@ describe("Password generator service", () => {
       await firstValueFrom(service.evaluator$(SomeUser));
       await firstValueFrom(service.evaluator$(SomeUser));
 
-      // FIXME: swap out the expect when `getAll$` becomes available
-      expect(policy.get$).toHaveBeenCalledTimes(1);
-      //expect(policy.getAll$).toHaveBeenCalledTimes(1);
+      expect(policy.getAll$).toHaveBeenCalledTimes(1);
     });
 
     it("should cache the password generator policy for each user", async () => {
@@ -155,9 +154,8 @@ describe("Password generator service", () => {
       await firstValueFrom(service.evaluator$(SomeUser));
       await firstValueFrom(service.evaluator$(AnotherUser));
 
-      // FIXME: enable this test when `getAll$` becomes available
-      // expect(policy.getAll$).toHaveBeenNthCalledWith(1, PolicyType.PasswordGenerator, SomeUser);
-      // expect(policy.getAll$).toHaveBeenNthCalledWith(2, PolicyType.PasswordGenerator, AnotherUser);
+      expect(policy.getAll$).toHaveBeenNthCalledWith(1, PolicyType.PasswordGenerator, SomeUser);
+      expect(policy.getAll$).toHaveBeenNthCalledWith(2, PolicyType.PasswordGenerator, AnotherUser);
     });
   });
 
diff --git a/libs/common/src/tools/generator/default-generator.service.ts b/libs/common/src/tools/generator/default-generator.service.ts
index 9c884ccefd..34aacee695 100644
--- a/libs/common/src/tools/generator/default-generator.service.ts
+++ b/libs/common/src/tools/generator/default-generator.service.ts
@@ -1,4 +1,4 @@
-import { firstValueFrom, map, share, timer, ReplaySubject, Observable } from "rxjs";
+import { firstValueFrom, share, timer, ReplaySubject, Observable } from "rxjs";
 
 // FIXME: use index.ts imports once policy abstractions and models
 // implement ADR-0002
@@ -44,14 +44,12 @@ export class DefaultGeneratorService<Options, Policy> implements GeneratorServic
   }
 
   private createEvaluator(userId: UserId) {
-    // FIXME: when it becomes possible to get a user-specific policy observable
-    // (`getAll$`) update this code to call it instead of `get$`.
-    const policies$ = this.policy.get$(this.strategy.policy);
+    const evaluator$ = this.policy.getAll$(this.strategy.policy, userId).pipe(
+      // create the evaluator from the policies
+      this.strategy.toEvaluator(),
 
-    // cache evaluator in a replay subject to amortize creation cost
-    // and reduce GC pressure.
-    const evaluator$ = policies$.pipe(
-      map((policy) => this.strategy.evaluator(policy)),
+      // cache evaluator in a replay subject to amortize creation cost
+      // and reduce GC pressure.
       share({
         connector: () => new ReplaySubject(1),
         resetOnRefCountZero: () => timer(this.strategy.cache_ms),
diff --git a/libs/common/src/tools/generator/history/generated-credential.spec.ts b/libs/common/src/tools/generator/history/generated-credential.spec.ts
new file mode 100644
index 0000000000..170030bad1
--- /dev/null
+++ b/libs/common/src/tools/generator/history/generated-credential.spec.ts
@@ -0,0 +1,58 @@
+import { GeneratorCategory, GeneratedCredential } from "./";
+
+describe("GeneratedCredential", () => {
+  describe("constructor", () => {
+    it("assigns credential", () => {
+      const result = new GeneratedCredential("example", "passphrase", new Date(100));
+
+      expect(result.credential).toEqual("example");
+    });
+
+    it("assigns category", () => {
+      const result = new GeneratedCredential("example", "passphrase", new Date(100));
+
+      expect(result.category).toEqual("passphrase");
+    });
+
+    it("passes through date parameters", () => {
+      const result = new GeneratedCredential("example", "password", new Date(100));
+
+      expect(result.generationDate).toEqual(new Date(100));
+    });
+
+    it("converts numeric dates to Dates", () => {
+      const result = new GeneratedCredential("example", "password", 100);
+
+      expect(result.generationDate).toEqual(new Date(100));
+    });
+  });
+
+  it("toJSON converts from a credential into a JSON object", () => {
+    const credential = new GeneratedCredential("example", "password", new Date(100));
+
+    const result = credential.toJSON();
+
+    expect(result).toEqual({
+      credential: "example",
+      category: "password" as GeneratorCategory,
+      generationDate: 100,
+    });
+  });
+
+  it("fromJSON converts Json objects into credentials", () => {
+    const jsonValue = {
+      credential: "example",
+      category: "password" as GeneratorCategory,
+      generationDate: 100,
+    };
+
+    const result = GeneratedCredential.fromJSON(jsonValue);
+
+    expect(result).toBeInstanceOf(GeneratedCredential);
+    expect(result).toEqual({
+      credential: "example",
+      category: "password",
+      generationDate: new Date(100),
+    });
+  });
+});
diff --git a/libs/common/src/tools/generator/history/generated-credential.ts b/libs/common/src/tools/generator/history/generated-credential.ts
new file mode 100644
index 0000000000..59a9623bf7
--- /dev/null
+++ b/libs/common/src/tools/generator/history/generated-credential.ts
@@ -0,0 +1,47 @@
+import { Jsonify } from "type-fest";
+
+import { GeneratorCategory } from "./options";
+
+/** A credential generation result */
+export class GeneratedCredential {
+  /**
+   * Instantiates a generated credential
+   * @param credential The value of the generated credential (e.g. a password)
+   * @param category The kind of credential
+   * @param generationDate The date that the credential was generated.
+   *   Numeric values should are interpreted using {@link Date.valueOf}
+   *   semantics.
+   */
+  constructor(
+    readonly credential: string,
+    readonly category: GeneratorCategory,
+    generationDate: Date | number,
+  ) {
+    if (typeof generationDate === "number") {
+      this.generationDate = new Date(generationDate);
+    } else {
+      this.generationDate = generationDate;
+    }
+  }
+
+  /** The date that the credential was generated */
+  generationDate: Date;
+
+  /** Constructs a credential from its `toJSON` representation */
+  static fromJSON(jsonValue: Jsonify<GeneratedCredential>) {
+    return new GeneratedCredential(
+      jsonValue.credential,
+      jsonValue.category,
+      jsonValue.generationDate,
+    );
+  }
+
+  /** Serializes a credential to a JSON-compatible object */
+  toJSON() {
+    return {
+      credential: this.credential,
+      category: this.category,
+      generationDate: this.generationDate.valueOf(),
+    };
+  }
+}
diff --git a/libs/common/src/tools/generator/history/index.ts b/libs/common/src/tools/generator/history/index.ts
new file mode 100644
index 0000000000..1952a849af
--- /dev/null
+++ b/libs/common/src/tools/generator/history/index.ts
@@ -0,0 +1,2 @@
+export { GeneratorCategory } from "./options";
+export { GeneratedCredential } from "./generated-credential";
diff --git a/libs/common/src/tools/generator/history/local-generator-history.service.spec.ts b/libs/common/src/tools/generator/history/local-generator-history.service.spec.ts
new file mode 100644
index 0000000000..57dde51fc1
--- /dev/null
+++ b/libs/common/src/tools/generator/history/local-generator-history.service.spec.ts
@@ -0,0 +1,198 @@
+import { mock } from "jest-mock-extended";
+import { firstValueFrom } from "rxjs";
+
+import { FakeStateProvider, awaitAsync, mockAccountServiceWith } from "../../../../spec";
+import { CryptoService } from "../../../platform/abstractions/crypto.service";
+import { EncryptService } from "../../../platform/abstractions/encrypt.service";
+import { EncString } from "../../../platform/models/domain/enc-string";
+import { SymmetricCryptoKey } from "../../../platform/models/domain/symmetric-crypto-key";
+import { CsprngArray } from "../../../types/csprng";
+import { UserId } from "../../../types/guid";
+import { UserKey } from "../../../types/key";
+
+import { LocalGeneratorHistoryService } from "./local-generator-history.service";
+
+const SomeUser = "SomeUser" as UserId;
+const AnotherUser = "AnotherUser" as UserId;
+
+describe("LocalGeneratorHistoryService", () => {
+  const encryptService = mock<EncryptService>();
+  const keyService = mock<CryptoService>();
+  const userKey = new SymmetricCryptoKey(new Uint8Array(64) as CsprngArray) as UserKey;
+
+  beforeEach(() => {
+    encryptService.encrypt.mockImplementation((p) => Promise.resolve(p as unknown as EncString));
+    encryptService.decryptToUtf8.mockImplementation((c) => Promise.resolve(c.encryptedString));
+    keyService.getUserKey.mockImplementation(() => Promise.resolve(userKey));
+  });
+
+  afterEach(() => {
+    jest.resetAllMocks();
+  });
+
+  describe("credential$", () => {
+    it("returns an empty list when no credentials are stored", async () => {
+      const stateProvider = new FakeStateProvider(mockAccountServiceWith(SomeUser));
+      const history = new LocalGeneratorHistoryService(encryptService, keyService, stateProvider);
+
+      const result = await firstValueFrom(history.credentials$(SomeUser));
+
+      expect(result).toEqual([]);
+    });
+  });
+
+  describe("track", () => {
+    it("stores a password", async () => {
+      const stateProvider = new FakeStateProvider(mockAccountServiceWith(SomeUser));
+      const history = new LocalGeneratorHistoryService(encryptService, keyService, stateProvider);
+
+      await history.track(SomeUser, "example", "password");
+      await awaitAsync();
+      const [result] = await firstValueFrom(history.credentials$(SomeUser));
+
+      expect(result).toMatchObject({ credential: "example", category: "password" });
+    });
+
+    it("stores a passphrase", async () => {
+      const stateProvider = new FakeStateProvider(mockAccountServiceWith(SomeUser));
+      const history = new LocalGeneratorHistoryService(encryptService, keyService, stateProvider);
+
+      await history.track(SomeUser, "example", "passphrase");
+      await awaitAsync();
+      const [result] = await firstValueFrom(history.credentials$(SomeUser));
+
+      expect(result).toMatchObject({ credential: "example", category: "passphrase" });
+    });
+
+    it("stores a specific date when one is provided", async () => {
+      const stateProvider = new FakeStateProvider(mockAccountServiceWith(SomeUser));
+      const history = new LocalGeneratorHistoryService(encryptService, keyService, stateProvider);
+
+      await history.track(SomeUser, "example", "password", new Date(100));
+      await awaitAsync();
+      const [result] = await firstValueFrom(history.credentials$(SomeUser));
+
+      expect(result).toEqual({
+        credential: "example",
+        category: "password",
+        generationDate: new Date(100),
+      });
+    });
+
+    it("skips storing a credential when it's already stored (ignores category)", async () => {
+      const stateProvider = new FakeStateProvider(mockAccountServiceWith(SomeUser));
+      const history = new LocalGeneratorHistoryService(encryptService, keyService, stateProvider);
+
+      await history.track(SomeUser, "example", "password");
+      await history.track(SomeUser, "example", "password");
+      await history.track(SomeUser, "example", "passphrase");
+      await awaitAsync();
+      const [firstResult, secondResult] = await firstValueFrom(history.credentials$(SomeUser));
+
+      expect(firstResult).toMatchObject({ credential: "example", category: "password" });
+      expect(secondResult).toBeUndefined();
+    });
+
+    it("stores multiple credentials when the credential value is different", async () => {
+      const stateProvider = new FakeStateProvider(mockAccountServiceWith(SomeUser));
+      const history = new LocalGeneratorHistoryService(encryptService, keyService, stateProvider);
+
+      await history.track(SomeUser, "secondResult", "password");
+      await history.track(SomeUser, "firstResult", "password");
+      await awaitAsync();
+      const [firstResult, secondResult] = await firstValueFrom(history.credentials$(SomeUser));
+
+      expect(firstResult).toMatchObject({ credential: "firstResult", category: "password" });
+      expect(secondResult).toMatchObject({ credential: "secondResult", category: "password" });
+    });
+
+    it("removes history items exceeding maxTotal configuration", async () => {
+      const stateProvider = new FakeStateProvider(mockAccountServiceWith(SomeUser));
+      const history = new LocalGeneratorHistoryService(encryptService, keyService, stateProvider, {
+        maxTotal: 1,
+      });
+
+      await history.track(SomeUser, "removed result", "password");
+      await history.track(SomeUser, "example", "password");
+      await awaitAsync();
+      const [firstResult, secondResult] = await firstValueFrom(history.credentials$(SomeUser));
+
+      expect(firstResult).toMatchObject({ credential: "example", category: "password" });
+      expect(secondResult).toBeUndefined();
+    });
+
+    it("stores history items in per-user collections", async () => {
+      const stateProvider = new FakeStateProvider(mockAccountServiceWith(SomeUser));
+      const history = new LocalGeneratorHistoryService(encryptService, keyService, stateProvider, {
+        maxTotal: 1,
+      });
+
+      await history.track(SomeUser, "some user example", "password");
+      await history.track(AnotherUser, "another user example", "password");
+      await awaitAsync();
+      const [someFirstResult, someSecondResult] = await firstValueFrom(
+        history.credentials$(SomeUser),
+      );
+      const [anotherFirstResult, anotherSecondResult] = await firstValueFrom(
+        history.credentials$(AnotherUser),
+      );
+
+      expect(someFirstResult).toMatchObject({
+        credential: "some user example",
+        category: "password",
+      });
+      expect(someSecondResult).toBeUndefined();
+      expect(anotherFirstResult).toMatchObject({
+        credential: "another user example",
+        category: "password",
+      });
+      expect(anotherSecondResult).toBeUndefined();
+    });
+  });
+
+  describe("take", () => {
+    it("returns null when there are no credentials stored", async () => {
+      const stateProvider = new FakeStateProvider(mockAccountServiceWith(SomeUser));
+      const history = new LocalGeneratorHistoryService(encryptService, keyService, stateProvider);
+
+      const result = await history.take(SomeUser, "example");
+
+      expect(result).toBeNull();
+    });
+
+    it("returns null when the credential wasn't found", async () => {
+      const stateProvider = new FakeStateProvider(mockAccountServiceWith(SomeUser));
+      const history = new LocalGeneratorHistoryService(encryptService, keyService, stateProvider);
+      await history.track(SomeUser, "example", "password");
+
+      const result = await history.take(SomeUser, "not found");
+
+      expect(result).toBeNull();
+    });
+
+    it("returns a matching credential", async () => {
+      const stateProvider = new FakeStateProvider(mockAccountServiceWith(SomeUser));
+      const history = new LocalGeneratorHistoryService(encryptService, keyService, stateProvider);
+      await history.track(SomeUser, "example", "password");
+
+      const result = await history.take(SomeUser, "example");
+
+      expect(result).toMatchObject({
+        credential: "example",
+        category: "password",
+      });
+    });
+
+    it("removes a matching credential", async () => {
+      const stateProvider = new FakeStateProvider(mockAccountServiceWith(SomeUser));
+      const history = new LocalGeneratorHistoryService(encryptService, keyService, stateProvider);
+      await history.track(SomeUser, "example", "password");
+
+      await history.take(SomeUser, "example");
+      await awaitAsync();
+      const results = await firstValueFrom(history.credentials$(SomeUser));
+
+      expect(results).toEqual([]);
+    });
+  });
+});
diff --git a/libs/common/src/tools/generator/history/local-generator-history.service.ts b/libs/common/src/tools/generator/history/local-generator-history.service.ts
new file mode 100644
index 0000000000..3a65890c50
--- /dev/null
+++ b/libs/common/src/tools/generator/history/local-generator-history.service.ts
@@ -0,0 +1,116 @@
+import { map } from "rxjs";
+
+import { CryptoService } from "../../../platform/abstractions/crypto.service";
+import { EncryptService } from "../../../platform/abstractions/encrypt.service";
+import { SingleUserState, StateProvider } from "../../../platform/state";
+import { UserId } from "../../../types/guid";
+import { GeneratorHistoryService } from "../abstractions/generator-history.abstraction";
+import { GENERATOR_HISTORY } from "../key-definitions";
+import { PaddedDataPacker } from "../state/padded-data-packer";
+import { SecretState } from "../state/secret-state";
+import { UserKeyEncryptor } from "../state/user-key-encryptor";
+
+import { GeneratedCredential } from "./generated-credential";
+import { GeneratorCategory, HistoryServiceOptions } from "./options";
+
+const OPTIONS_FRAME_SIZE = 2048;
+
+/** Tracks the history of password generations local to a device.
+ *  {@link GeneratorHistoryService}
+ */
+export class LocalGeneratorHistoryService extends GeneratorHistoryService {
+  constructor(
+    private readonly encryptService: EncryptService,
+    private readonly keyService: CryptoService,
+    private readonly stateProvider: StateProvider,
+    private readonly options: HistoryServiceOptions = { maxTotal: 100 },
+  ) {
+    super();
+  }
+
+  private _credentialStates = new Map<UserId, SingleUserState<GeneratedCredential[]>>();
+
+  /** {@link GeneratorHistoryService.track} */
+  track = async (userId: UserId, credential: string, category: GeneratorCategory, date?: Date) => {
+    const state = this.getCredentialState(userId);
+    let result: GeneratedCredential = null;
+
+    await state.update(
+      (credentials) => {
+        credentials = credentials ?? [];
+
+        // add the result
+        result = new GeneratedCredential(credential, category, date ?? Date.now());
+        credentials.unshift(result);
+
+        // trim history
+        const removeAt = Math.max(0, this.options.maxTotal);
+        credentials.splice(removeAt, Infinity);
+
+        return credentials;
+      },
+      {
+        shouldUpdate: (credentials) =>
+          credentials?.some((f) => f.credential !== credential) ?? true,
+      },
+    );
+
+    return result;
+  };
+
+  /** {@link GeneratorHistoryService.take} */
+  take = async (userId: UserId, credential: string) => {
+    const state = this.getCredentialState(userId);
+    let credentialIndex: number;
+    let result: GeneratedCredential = null;
+
+    await state.update(
+      (credentials) => {
+        credentials = credentials ?? [];
+
+        [result] = credentials.splice(credentialIndex, 1);
+        return credentials;
+      },
+      {
+        shouldUpdate: (credentials) => {
+          credentialIndex = credentials?.findIndex((f) => f.credential === credential) ?? -1;
+          return credentialIndex >= 0;
+        },
+      },
+    );
+
+    return result;
+  };
+
+  /** {@link GeneratorHistoryService.credentials$} */
+  credentials$ = (userId: UserId) => {
+    return this.getCredentialState(userId).state$.pipe(map((credentials) => credentials ?? []));
+  };
+
+  private getCredentialState(userId: UserId) {
+    let state = this._credentialStates.get(userId);
+
+    if (!state) {
+      state = this.createSecretState(userId);
+      this._credentialStates.set(userId, state);
+    }
+
+    return state;
+  }
+
+  private createSecretState(userId: UserId) {
+    // construct the encryptor
+    const packer = new PaddedDataPacker(OPTIONS_FRAME_SIZE);
+    const encryptor = new UserKeyEncryptor(this.encryptService, this.keyService, packer);
+
+    const state = SecretState.from<
+      GeneratedCredential[],
+      number,
+      GeneratedCredential,
+      Record<keyof GeneratedCredential, never>,
+      GeneratedCredential
+    >(userId, GENERATOR_HISTORY, this.stateProvider, encryptor);
+
+    return state;
+  }
+}
diff --git a/libs/common/src/tools/generator/history/options.ts b/libs/common/src/tools/generator/history/options.ts
new file mode 100644
index 0000000000..53716ec33a
--- /dev/null
+++ b/libs/common/src/tools/generator/history/options.ts
@@ -0,0 +1,10 @@
+/** Kinds of credentials that can be stored by the history service */
+export type GeneratorCategory = "password" | "passphrase";
+
+/** Configuration options for the history service */
+export type HistoryServiceOptions = {
+  /** Total number of records retained across all types.
+   *  @remarks Setting this to 0 or less disables history completely.
+   * */
+  maxTotal: number;
+};
diff --git a/libs/common/src/tools/generator/key-definition.spec.ts b/libs/common/src/tools/generator/key-definition.spec.ts
index 735377a5ba..f21767e77e 100644
--- a/libs/common/src/tools/generator/key-definition.spec.ts
+++ b/libs/common/src/tools/generator/key-definition.spec.ts
@@ -1,5 +1,4 @@
 import {
-  ENCRYPTED_HISTORY,
   EFF_USERNAME_SETTINGS,
   CATCHALL_SETTINGS,
   SUBADDRESS_SETTINGS,
@@ -101,12 +100,4 @@ describe("Key definitions", () => {
       expect(result).toBe(value);
     });
   });
-
-  describe("ENCRYPTED_HISTORY", () => {
-    it("should pass through deserialization", () => {
-      const value = {};
-      const result = ENCRYPTED_HISTORY.deserializer(value as any);
-      expect(result).toBe(value);
-    });
-  });
 });
diff --git a/libs/common/src/tools/generator/key-definitions.ts b/libs/common/src/tools/generator/key-definitions.ts
index bb7c4e8a08..d51af70f2e 100644
--- a/libs/common/src/tools/generator/key-definitions.ts
+++ b/libs/common/src/tools/generator/key-definitions.ts
@@ -1,8 +1,10 @@
 import { GENERATOR_DISK, KeyDefinition } from "../../platform/state";
 
+import { GeneratedCredential } from "./history/generated-credential";
 import { PassphraseGenerationOptions } from "./passphrase/passphrase-generation-options";
-import { GeneratedPasswordHistory } from "./password/generated-password-history";
 import { PasswordGenerationOptions } from "./password/password-generation-options";
+import { SecretClassifier } from "./state/secret-classifier";
+import { SecretKeyDefinition } from "./state/secret-key-definition";
 import { CatchallGenerationOptions } from "./username/catchall-generator-options";
 import { EffUsernameGenerationOptions } from "./username/eff-username-generator-options";
 import {
@@ -107,10 +109,11 @@ export const SIMPLE_LOGIN_FORWARDER = new KeyDefinition<SelfHostedApiOptions>(
 );
 
 /** encrypted password generation history */
-export const ENCRYPTED_HISTORY = new KeyDefinition<GeneratedPasswordHistory>(
+export const GENERATOR_HISTORY = SecretKeyDefinition.array(
   GENERATOR_DISK,
-  "passwordGeneratorHistory",
+  "localGeneratorHistory",
+  SecretClassifier.allSecret<GeneratedCredential>(),
   {
-    deserializer: (value) => value,
+    deserializer: GeneratedCredential.fromJSON,
   },
 );
diff --git a/libs/common/src/tools/generator/passphrase/passphrase-generator-policy.spec.ts b/libs/common/src/tools/generator/passphrase/passphrase-generator-policy.spec.ts
new file mode 100644
index 0000000000..991b2ae302
--- /dev/null
+++ b/libs/common/src/tools/generator/passphrase/passphrase-generator-policy.spec.ts
@@ -0,0 +1,51 @@
+import { PolicyType } from "../../../admin-console/enums";
+// FIXME: use index.ts imports once policy abstractions and models
+// implement ADR-0002
+import { Policy } from "../../../admin-console/models/domain/policy";
+import { PolicyId } from "../../../types/guid";
+
+import { DisabledPassphraseGeneratorPolicy, leastPrivilege } from "./passphrase-generator-policy";
+
+function createPolicy(
+  data: any,
+  type: PolicyType = PolicyType.PasswordGenerator,
+  enabled: boolean = true,
+) {
+  return new Policy({
+    id: "id" as PolicyId,
+    organizationId: "organizationId",
+    data,
+    enabled,
+    type,
+  });
+}
+
+describe("leastPrivilege", () => {
+  it("should return the accumulator when the policy type does not apply", () => {
+    const policy = createPolicy({}, PolicyType.RequireSso);
+
+    const result = leastPrivilege(DisabledPassphraseGeneratorPolicy, policy);
+
+    expect(result).toEqual(DisabledPassphraseGeneratorPolicy);
+  });
+
+  it("should return the accumulator when the policy is not enabled", () => {
+    const policy = createPolicy({}, PolicyType.PasswordGenerator, false);
+
+    const result = leastPrivilege(DisabledPassphraseGeneratorPolicy, policy);
+
+    expect(result).toEqual(DisabledPassphraseGeneratorPolicy);
+  });
+
+  it.each([
+    ["minNumberWords", 10],
+    ["capitalize", true],
+    ["includeNumber", true],
+  ])("should take the %p from the policy", (input, value) => {
+    const policy = createPolicy({ [input]: value });
+
+    const result = leastPrivilege(DisabledPassphraseGeneratorPolicy, policy);
+
+    expect(result).toEqual({ ...DisabledPassphraseGeneratorPolicy, [input]: value });
+  });
+});
diff --git a/libs/common/src/tools/generator/passphrase/passphrase-generator-policy.ts b/libs/common/src/tools/generator/passphrase/passphrase-generator-policy.ts
index ca54184d16..db616f16c0 100644
--- a/libs/common/src/tools/generator/passphrase/passphrase-generator-policy.ts
+++ b/libs/common/src/tools/generator/passphrase/passphrase-generator-policy.ts
@@ -1,3 +1,8 @@
+import { PolicyType } from "../../../admin-console/enums";
+// FIXME: use index.ts imports once policy abstractions and models
+// implement ADR-0002
+import { Policy } from "../../../admin-console/models/domain/policy";
+
 /** Policy options enforced during passphrase generation. */
 export type PassphraseGeneratorPolicy = {
   minNumberWords: number;
@@ -11,3 +16,24 @@ export const DisabledPassphraseGeneratorPolicy: PassphraseGeneratorPolicy = Obje
   capitalize: false,
   includeNumber: false,
 });
+
+/** Reduces a policy into an accumulator by accepting the most restrictive
+ *  values from each policy.
+ *  @param acc the accumulator
+ *  @param policy the policy to reduce
+ *  @returns the most restrictive values between the policy and accumulator.
+ */
+export function leastPrivilege(
+  acc: PassphraseGeneratorPolicy,
+  policy: Policy,
+): PassphraseGeneratorPolicy {
+  if (policy.type !== PolicyType.PasswordGenerator) {
+    return acc;
+  }
+
+  return {
+    minNumberWords: Math.max(acc.minNumberWords, policy.data.minNumberWords ?? acc.minNumberWords),
+    capitalize: policy.data.capitalize || acc.capitalize,
+    includeNumber: policy.data.includeNumber || acc.includeNumber,
+  };
+}
diff --git a/libs/common/src/tools/generator/passphrase/passphrase-generator-strategy.spec.ts b/libs/common/src/tools/generator/passphrase/passphrase-generator-strategy.spec.ts
index 031ea05f01..b7f09bd717 100644
--- a/libs/common/src/tools/generator/passphrase/passphrase-generator-strategy.spec.ts
+++ b/libs/common/src/tools/generator/passphrase/passphrase-generator-strategy.spec.ts
@@ -4,6 +4,7 @@
  */
 
 import { mock } from "jest-mock-extended";
+import { of, firstValueFrom } from "rxjs";
 
 import { PolicyType } from "../../../admin-console/enums";
 // FIXME: use index.ts imports once policy abstractions and models
@@ -21,17 +22,8 @@ import { PassphraseGeneratorOptionsEvaluator, PassphraseGeneratorStrategy } from
 const SomeUser = "some user" as UserId;
 
 describe("Password generation strategy", () => {
-  describe("evaluator()", () => {
-    it("should throw if the policy type is incorrect", () => {
-      const strategy = new PassphraseGeneratorStrategy(null, null);
-      const policy = mock<Policy>({
-        type: PolicyType.DisableSend,
-      });
-
-      expect(() => strategy.evaluator(policy)).toThrow(new RegExp("Mismatched policy type\\. .+"));
-    });
-
-    it("should map to the policy evaluator", () => {
+  describe("toEvaluator()", () => {
+    it("should map to the policy evaluator", async () => {
       const strategy = new PassphraseGeneratorStrategy(null, null);
       const policy = mock<Policy>({
         type: PolicyType.PasswordGenerator,
@@ -42,7 +34,8 @@ describe("Password generation strategy", () => {
         },
       });
 
-      const evaluator = strategy.evaluator(policy);
+      const evaluator$ = of([policy]).pipe(strategy.toEvaluator());
+      const evaluator = await firstValueFrom(evaluator$);
 
       expect(evaluator).toBeInstanceOf(PassphraseGeneratorOptionsEvaluator);
       expect(evaluator.policy).toMatchObject({
@@ -52,13 +45,18 @@ describe("Password generation strategy", () => {
       });
     });
 
-    it("should map `null` to a default policy evaluator", () => {
-      const strategy = new PassphraseGeneratorStrategy(null, null);
-      const evaluator = strategy.evaluator(null);
+    it.each([[[]], [null], [undefined]])(
+      "should map `%p` to a disabled password policy evaluator",
+      async (policies) => {
+        const strategy = new PassphraseGeneratorStrategy(null, null);
 
-      expect(evaluator).toBeInstanceOf(PassphraseGeneratorOptionsEvaluator);
-      expect(evaluator.policy).toMatchObject(DisabledPassphraseGeneratorPolicy);
-    });
+        const evaluator$ = of(policies).pipe(strategy.toEvaluator());
+        const evaluator = await firstValueFrom(evaluator$);
+
+        expect(evaluator).toBeInstanceOf(PassphraseGeneratorOptionsEvaluator);
+        expect(evaluator.policy).toMatchObject(DisabledPassphraseGeneratorPolicy);
+      },
+    );
   });
 
   describe("durableState", () => {
diff --git a/libs/common/src/tools/generator/passphrase/passphrase-generator-strategy.ts b/libs/common/src/tools/generator/passphrase/passphrase-generator-strategy.ts
index d39f54b576..f193b2b326 100644
--- a/libs/common/src/tools/generator/passphrase/passphrase-generator-strategy.ts
+++ b/libs/common/src/tools/generator/passphrase/passphrase-generator-strategy.ts
@@ -1,18 +1,19 @@
+import { map, pipe } from "rxjs";
+
 import { GeneratorStrategy } from "..";
 import { PolicyType } from "../../../admin-console/enums";
-// FIXME: use index.ts imports once policy abstractions and models
-// implement ADR-0002
-import { Policy } from "../../../admin-console/models/domain/policy";
 import { StateProvider } from "../../../platform/state";
 import { UserId } from "../../../types/guid";
 import { PASSPHRASE_SETTINGS } from "../key-definitions";
 import { PasswordGenerationServiceAbstraction } from "../password/password-generation.service.abstraction";
+import { reduceCollection } from "../reduce-collection.operator";
 
 import { PassphraseGenerationOptions } from "./passphrase-generation-options";
 import { PassphraseGeneratorOptionsEvaluator } from "./passphrase-generator-options-evaluator";
 import {
   DisabledPassphraseGeneratorPolicy,
   PassphraseGeneratorPolicy,
+  leastPrivilege,
 } from "./passphrase-generator-policy";
 
 const ONE_MINUTE = 60 * 1000;
@@ -23,6 +24,7 @@ export class PassphraseGeneratorStrategy
 {
   /** instantiates the password generator strategy.
    *  @param legacy generates the passphrase
+   *  @param stateProvider provides durable state
    */
   constructor(
     private legacy: PasswordGenerationServiceAbstraction,
@@ -39,26 +41,17 @@ export class PassphraseGeneratorStrategy
     return PolicyType.PasswordGenerator;
   }
 
+  /** {@link GeneratorStrategy.cache_ms} */
   get cache_ms() {
     return ONE_MINUTE;
   }
 
-  /** {@link GeneratorStrategy.evaluator} */
-  evaluator(policy: Policy): PassphraseGeneratorOptionsEvaluator {
-    if (!policy) {
-      return new PassphraseGeneratorOptionsEvaluator(DisabledPassphraseGeneratorPolicy);
-    }
-
-    if (policy.type !== this.policy) {
-      const details = `Expected: ${this.policy}. Received: ${policy.type}`;
-      throw Error("Mismatched policy type. " + details);
-    }
-
-    return new PassphraseGeneratorOptionsEvaluator({
-      minNumberWords: policy.data.minNumberWords,
-      capitalize: policy.data.capitalize,
-      includeNumber: policy.data.includeNumber,
-    });
+  /** {@link GeneratorStrategy.toEvaluator} */
+  toEvaluator() {
+    return pipe(
+      reduceCollection(leastPrivilege, DisabledPassphraseGeneratorPolicy),
+      map((policy) => new PassphraseGeneratorOptionsEvaluator(policy)),
+    );
   }
 
   /** {@link GeneratorStrategy.generate} */
diff --git a/libs/common/src/tools/generator/password/password-generator-policy.spec.ts b/libs/common/src/tools/generator/password/password-generator-policy.spec.ts
new file mode 100644
index 0000000000..206d88741b
--- /dev/null
+++ b/libs/common/src/tools/generator/password/password-generator-policy.spec.ts
@@ -0,0 +1,55 @@
+import { PolicyType } from "../../../admin-console/enums";
+// FIXME: use index.ts imports once policy abstractions and models
+// implement ADR-0002
+import { Policy } from "../../../admin-console/models/domain/policy";
+import { PolicyId } from "../../../types/guid";
+
+import { DisabledPasswordGeneratorPolicy, leastPrivilege } from "./password-generator-policy";
+
+function createPolicy(
+  data: any,
+  type: PolicyType = PolicyType.PasswordGenerator,
+  enabled: boolean = true,
+) {
+  return new Policy({
+    id: "id" as PolicyId,
+    organizationId: "organizationId",
+    data,
+    enabled,
+    type,
+  });
+}
+
+describe("leastPrivilege", () => {
+  it("should return the accumulator when the policy type does not apply", () => {
+    const policy = createPolicy({}, PolicyType.RequireSso);
+
+    const result = leastPrivilege(DisabledPasswordGeneratorPolicy, policy);
+
+    expect(result).toEqual(DisabledPasswordGeneratorPolicy);
+  });
+
+  it("should return the accumulator when the policy is not enabled", () => {
+    const policy = createPolicy({}, PolicyType.PasswordGenerator, false);
+
+    const result = leastPrivilege(DisabledPasswordGeneratorPolicy, policy);
+
+    expect(result).toEqual(DisabledPasswordGeneratorPolicy);
+  });
+
+  it.each([
+    ["minLength", 10, "minLength"],
+    ["useUpper", true, "useUppercase"],
+    ["useLower", true, "useLowercase"],
+    ["useNumbers", true, "useNumbers"],
+    ["minNumbers", 10, "numberCount"],
+    ["useSpecial", true, "useSpecial"],
+    ["minSpecial", 10, "specialCount"],
+  ])("should take the %p from the policy", (input, value, expected) => {
+    const policy = createPolicy({ [input]: value });
+
+    const result = leastPrivilege(DisabledPasswordGeneratorPolicy, policy);
+
+    expect(result).toEqual({ ...DisabledPasswordGeneratorPolicy, [expected]: value });
+  });
+});
diff --git a/libs/common/src/tools/generator/password/password-generator-policy.ts b/libs/common/src/tools/generator/password/password-generator-policy.ts
index c28631e9de..7de6b49788 100644
--- a/libs/common/src/tools/generator/password/password-generator-policy.ts
+++ b/libs/common/src/tools/generator/password/password-generator-policy.ts
@@ -1,3 +1,8 @@
+import { PolicyType } from "../../../admin-console/enums";
+// FIXME: use index.ts imports once policy abstractions and models
+// implement ADR-0002
+import { Policy } from "../../../admin-console/models/domain/policy";
+
 /** Policy options enforced during password generation. */
 export type PasswordGeneratorPolicy = {
   /** The minimum length of generated passwords.
@@ -48,3 +53,25 @@ export const DisabledPasswordGeneratorPolicy: PasswordGeneratorPolicy = Object.f
   useSpecial: false,
   specialCount: 0,
 });
+
+/** Reduces a policy into an accumulator by accepting the most restrictive
+ *  values from each policy.
+ *  @param acc the accumulator
+ *  @param policy the policy to reduce
+ *  @returns the most restrictive values between the policy and accumulator.
+ */
+export function leastPrivilege(acc: PasswordGeneratorPolicy, policy: Policy) {
+  if (policy.type !== PolicyType.PasswordGenerator || !policy.enabled) {
+    return acc;
+  }
+
+  return {
+    minLength: Math.max(acc.minLength, policy.data.minLength ?? acc.minLength),
+    useUppercase: policy.data.useUpper || acc.useUppercase,
+    useLowercase: policy.data.useLower || acc.useLowercase,
+    useNumbers: policy.data.useNumbers || acc.useNumbers,
+    numberCount: Math.max(acc.numberCount, policy.data.minNumbers ?? acc.numberCount),
+    useSpecial: policy.data.useSpecial || acc.useSpecial,
+    specialCount: Math.max(acc.specialCount, policy.data.minSpecial ?? acc.specialCount),
+  };
+}
diff --git a/libs/common/src/tools/generator/password/password-generator-strategy.spec.ts b/libs/common/src/tools/generator/password/password-generator-strategy.spec.ts
index 6c213f8c54..9bfa5b5f35 100644
--- a/libs/common/src/tools/generator/password/password-generator-strategy.spec.ts
+++ b/libs/common/src/tools/generator/password/password-generator-strategy.spec.ts
@@ -4,6 +4,7 @@
  */
 
 import { mock } from "jest-mock-extended";
+import { of, firstValueFrom } from "rxjs";
 
 import { PolicyType } from "../../../admin-console/enums";
 // FIXME: use index.ts imports once policy abstractions and models
@@ -24,17 +25,8 @@ import {
 const SomeUser = "some user" as UserId;
 
 describe("Password generation strategy", () => {
-  describe("evaluator()", () => {
-    it("should throw if the policy type is incorrect", () => {
-      const strategy = new PasswordGeneratorStrategy(null, null);
-      const policy = mock<Policy>({
-        type: PolicyType.DisableSend,
-      });
-
-      expect(() => strategy.evaluator(policy)).toThrow(new RegExp("Mismatched policy type\\. .+"));
-    });
-
-    it("should map to the policy evaluator", () => {
+  describe("toEvaluator()", () => {
+    it("should map to a password policy evaluator", async () => {
       const strategy = new PasswordGeneratorStrategy(null, null);
       const policy = mock<Policy>({
         type: PolicyType.PasswordGenerator,
@@ -49,7 +41,8 @@ describe("Password generation strategy", () => {
         },
       });
 
-      const evaluator = strategy.evaluator(policy);
+      const evaluator$ = of([policy]).pipe(strategy.toEvaluator());
+      const evaluator = await firstValueFrom(evaluator$);
 
       expect(evaluator).toBeInstanceOf(PasswordGeneratorOptionsEvaluator);
       expect(evaluator.policy).toMatchObject({
@@ -63,13 +56,18 @@ describe("Password generation strategy", () => {
       });
     });
 
-    it("should map `null`  to a default policy evaluator", () => {
-      const strategy = new PasswordGeneratorStrategy(null, null);
-      const evaluator = strategy.evaluator(null);
+    it.each([[[]], [null], [undefined]])(
+      "should map `%p` to a disabled password policy evaluator",
+      async (policies) => {
+        const strategy = new PasswordGeneratorStrategy(null, null);
 
-      expect(evaluator).toBeInstanceOf(PasswordGeneratorOptionsEvaluator);
-      expect(evaluator.policy).toMatchObject(DisabledPasswordGeneratorPolicy);
-    });
+        const evaluator$ = of(policies).pipe(strategy.toEvaluator());
+        const evaluator = await firstValueFrom(evaluator$);
+
+        expect(evaluator).toBeInstanceOf(PasswordGeneratorOptionsEvaluator);
+        expect(evaluator.policy).toMatchObject(DisabledPasswordGeneratorPolicy);
+      },
+    );
   });
 
   describe("durableState", () => {
diff --git a/libs/common/src/tools/generator/password/password-generator-strategy.ts b/libs/common/src/tools/generator/password/password-generator-strategy.ts
index 223470c586..f8d618128b 100644
--- a/libs/common/src/tools/generator/password/password-generator-strategy.ts
+++ b/libs/common/src/tools/generator/password/password-generator-strategy.ts
@@ -1,11 +1,11 @@
+import { map, pipe } from "rxjs";
+
 import { GeneratorStrategy } from "..";
 import { PolicyType } from "../../../admin-console/enums";
-// FIXME: use index.ts imports once policy abstractions and models
-// implement ADR-0002
-import { Policy } from "../../../admin-console/models/domain/policy";
 import { StateProvider } from "../../../platform/state";
 import { UserId } from "../../../types/guid";
 import { PASSWORD_SETTINGS } from "../key-definitions";
+import { reduceCollection } from "../reduce-collection.operator";
 
 import { PasswordGenerationOptions } from "./password-generation-options";
 import { PasswordGenerationServiceAbstraction } from "./password-generation.service.abstraction";
@@ -13,6 +13,7 @@ import { PasswordGeneratorOptionsEvaluator } from "./password-generator-options-
 import {
   DisabledPasswordGeneratorPolicy,
   PasswordGeneratorPolicy,
+  leastPrivilege,
 } from "./password-generator-policy";
 
 const ONE_MINUTE = 60 * 1000;
@@ -43,26 +44,12 @@ export class PasswordGeneratorStrategy
     return ONE_MINUTE;
   }
 
-  /** {@link GeneratorStrategy.evaluator} */
-  evaluator(policy: Policy): PasswordGeneratorOptionsEvaluator {
-    if (!policy) {
-      return new PasswordGeneratorOptionsEvaluator(DisabledPasswordGeneratorPolicy);
-    }
-
-    if (policy.type !== this.policy) {
-      const details = `Expected: ${this.policy}. Received: ${policy.type}`;
-      throw Error("Mismatched policy type. " + details);
-    }
-
-    return new PasswordGeneratorOptionsEvaluator({
-      minLength: policy.data.minLength,
-      useUppercase: policy.data.useUpper,
-      useLowercase: policy.data.useLower,
-      useNumbers: policy.data.useNumbers,
-      numberCount: policy.data.minNumbers,
-      useSpecial: policy.data.useSpecial,
-      specialCount: policy.data.minSpecial,
-    });
+  /** {@link GeneratorStrategy.toEvaluator} */
+  toEvaluator() {
+    return pipe(
+      reduceCollection(leastPrivilege, DisabledPasswordGeneratorPolicy),
+      map((policy) => new PasswordGeneratorOptionsEvaluator(policy)),
+    );
   }
 
   /** {@link GeneratorStrategy.generate} */
diff --git a/libs/common/src/tools/generator/reduce-collection.operator.spec.ts b/libs/common/src/tools/generator/reduce-collection.operator.spec.ts
new file mode 100644
index 0000000000..49648dfdf0
--- /dev/null
+++ b/libs/common/src/tools/generator/reduce-collection.operator.spec.ts
@@ -0,0 +1,33 @@
+/**
+ * include structuredClone in test environment.
+ * @jest-environment ../../../../shared/test.environment.ts
+ */
+
+import { of, firstValueFrom } from "rxjs";
+
+import { reduceCollection } from "./reduce-collection.operator";
+
+describe("reduceCollection", () => {
+  it.each([[null], [undefined], [[]]])(
+    "should return the default value when the collection is %p",
+    async (value: number[]) => {
+      const reduce = (acc: number, value: number) => acc + value;
+      const source$ = of(value);
+
+      const result$ = source$.pipe(reduceCollection(reduce, 100));
+      const result = await firstValueFrom(result$);
+
+      expect(result).toEqual(100);
+    },
+  );
+
+  it("should reduce the collection to a single value", async () => {
+    const reduce = (acc: number, value: number) => acc + value;
+    const source$ = of([1, 2, 3]);
+
+    const result$ = source$.pipe(reduceCollection(reduce, 0));
+    const result = await firstValueFrom(result$);
+
+    expect(result).toEqual(6);
+  });
+});
diff --git a/libs/common/src/tools/generator/reduce-collection.operator.ts b/libs/common/src/tools/generator/reduce-collection.operator.ts
new file mode 100644
index 0000000000..224595eeba
--- /dev/null
+++ b/libs/common/src/tools/generator/reduce-collection.operator.ts
@@ -0,0 +1,20 @@
+import { map, OperatorFunction } from "rxjs";
+
+/**
+ * An observable operator that reduces an emitted collection to a single object,
+ * returning a default if all items are ignored.
+ * @param reduce The reduce function to apply to the filtered collection. The
+ *  first argument is the accumulator, and the second is the current item. The
+ *  return value is the new accumulator.
+ * @param defaultValue The default value to return if the collection is empty. The
+ *   default value is also the initial value of the accumulator.
+ */
+export function reduceCollection<Item, Accumulator>(
+  reduce: (acc: Accumulator, value: Item) => Accumulator,
+  defaultValue: Accumulator,
+): OperatorFunction<Item[], Accumulator> {
+  return map((values: Item[]) => {
+    const reduced = (values ?? []).reduce(reduce, structuredClone(defaultValue));
+    return reduced;
+  });
+}
diff --git a/libs/common/src/tools/generator/state/classified-format.ts b/libs/common/src/tools/generator/state/classified-format.ts
new file mode 100644
index 0000000000..93147a0fb5
--- /dev/null
+++ b/libs/common/src/tools/generator/state/classified-format.ts
@@ -0,0 +1,19 @@
+import { Jsonify } from "type-fest";
+
+/** Describes the structure of data stored by the SecretState's
+ *  encrypted state. Notably, this interface ensures that `Disclosed`
+ *  round trips through JSON serialization. It also preserves the
+ *  Id.
+ */
+export type ClassifiedFormat<Id, Disclosed> = {
+  /** Identifies records. `null` when storing a `value` */
+  readonly id: Id | null;
+  /** Serialized {@link EncString} of the secret state's
+   *  secret-level classified data.
+   */
+  readonly secret: string;
+  /** serialized representation of the secret state's
+   * disclosed-level classified data.
+   */
+  readonly disclosed: Jsonify<Disclosed>;
+};
diff --git a/libs/common/src/tools/generator/state/data-packer.abstraction.ts b/libs/common/src/tools/generator/state/data-packer.abstraction.ts
index cb712e0fd9..439fbb66c8 100644
--- a/libs/common/src/tools/generator/state/data-packer.abstraction.ts
+++ b/libs/common/src/tools/generator/state/data-packer.abstraction.ts
@@ -9,7 +9,7 @@ export abstract class DataPacker {
    * @param value is packed into the string
    * @returns the packed string
    */
-  abstract pack<Data>(value: Data): string;
+  abstract pack<Data>(value: Jsonify<Data>): string;
 
   /** Unpacks a string produced by pack.
    * @param packedValue is the string to unpack
diff --git a/libs/common/src/tools/generator/state/padded-data-packer.spec.ts b/libs/common/src/tools/generator/state/padded-data-packer.spec.ts
index 3cf225026b..7e1d506988 100644
--- a/libs/common/src/tools/generator/state/padded-data-packer.spec.ts
+++ b/libs/common/src/tools/generator/state/padded-data-packer.spec.ts
@@ -88,14 +88,4 @@ describe("UserKeyEncryptor", () => {
 
     expect(unpacked).toEqual(input);
   });
-
-  it("should unpack a packed JSON-serializable value", () => {
-    const dataPacker = new PaddedDataPacker(8);
-    const input = { foo: new Date(100) };
-
-    const packed = dataPacker.pack(input);
-    const unpacked = dataPacker.unpack(packed);
-
-    expect(unpacked).toEqual({ foo: "1970-01-01T00:00:00.100Z" });
-  });
 });
diff --git a/libs/common/src/tools/generator/state/padded-data-packer.ts b/libs/common/src/tools/generator/state/padded-data-packer.ts
index b55dfa378b..e2f5058b21 100644
--- a/libs/common/src/tools/generator/state/padded-data-packer.ts
+++ b/libs/common/src/tools/generator/state/padded-data-packer.ts
@@ -37,7 +37,7 @@ export class PaddedDataPacker extends DataPackerAbstraction {
    * with the frameSize.
    * @see {@link DataPackerAbstraction.unpack}
    */
-  pack<Secret>(value: Secret) {
+  pack<Secret>(value: Jsonify<Secret>) {
     // encode the value
     const json = JSON.stringify(value);
     const b64 = Utils.fromUtf8ToB64(json);
diff --git a/libs/common/src/tools/generator/state/secret-classifier.spec.ts b/libs/common/src/tools/generator/state/secret-classifier.spec.ts
index 819cd10923..41dd8dc71b 100644
--- a/libs/common/src/tools/generator/state/secret-classifier.spec.ts
+++ b/libs/common/src/tools/generator/state/secret-classifier.spec.ts
@@ -77,6 +77,15 @@ describe("SecretClassifier", () => {
       expect(classified.disclosed).toEqual({ foo: true });
     });
 
+    it("jsonifies its outputs", () => {
+      const classifier = SecretClassifier.allSecret<{ foo: Date; bar: Date }>().disclose("foo");
+
+      const classified = classifier.classify({ foo: new Date(100), bar: new Date(100) });
+
+      expect(classified.disclosed).toEqual({ foo: "1970-01-01T00:00:00.100Z" });
+      expect(classified.secret).toEqual({ bar: "1970-01-01T00:00:00.100Z" });
+    });
+
     it("deletes disclosed properties from the secret member", () => {
       const classifier = SecretClassifier.allSecret<{ foo: boolean; bar: boolean }>().disclose(
         "foo",
@@ -106,15 +115,6 @@ describe("SecretClassifier", () => {
 
       expect(classified.disclosed).toEqual({});
     });
-
-    it("returns its input as the secret member", () => {
-      const classifier = SecretClassifier.allSecret<{ foo: boolean }>();
-      const input = { foo: true };
-
-      const classified = classifier.classify(input);
-
-      expect(classified.secret).toEqual(input);
-    });
   });
 
   describe("declassify", () => {
diff --git a/libs/common/src/tools/generator/state/secret-classifier.ts b/libs/common/src/tools/generator/state/secret-classifier.ts
index 232a31c686..a26b01ac5d 100644
--- a/libs/common/src/tools/generator/state/secret-classifier.ts
+++ b/libs/common/src/tools/generator/state/secret-classifier.ts
@@ -77,17 +77,19 @@ export class SecretClassifier<Plaintext extends object, Disclosed, Secret> {
   }
 
   /** Partitions `secret` into its disclosed properties and secret properties.
-   *  @param secret The object to partition
+   *  @param value The object to partition
    *  @returns an object that classifies secrets.
    *    The `disclosed` member is new and contains disclosed properties.
-   *    The `secret` member aliases the secret parameter, with all
-   *    disclosed and excluded properties deleted.
+   *    The `secret` member is a copy of the secret parameter, including its
+   *    prototype, with all disclosed and excluded properties deleted.
    */
-  classify(secret: Plaintext): { disclosed: Disclosed; secret: Secret } {
-    const copy = { ...secret };
+  classify(value: Plaintext): { disclosed: Jsonify<Disclosed>; secret: Jsonify<Secret> } {
+    // need to JSONify during classification because the prototype is almost guaranteed
+    // to be invalid when this  method deletes arbitrary properties.
+    const secret = JSON.parse(JSON.stringify(value)) as Record<keyof Plaintext, unknown>;
 
     for (const excludedProp of this.excluded) {
-      delete copy[excludedProp];
+      delete secret[excludedProp];
     }
 
     const disclosed: Record<PropertyKey, unknown> = {};
@@ -95,13 +97,13 @@ export class SecretClassifier<Plaintext extends object, Disclosed, Secret> {
       // disclosedProp is known to be a subset of the keys of `Plaintext`, so these
       // type assertions are accurate.
       // FIXME: prove it to the compiler
-      disclosed[disclosedProp] = copy[disclosedProp as unknown as keyof Plaintext];
-      delete copy[disclosedProp as unknown as keyof Plaintext];
+      disclosed[disclosedProp] = secret[disclosedProp as keyof Plaintext];
+      delete secret[disclosedProp as keyof Plaintext];
     }
 
     return {
-      disclosed: disclosed as Disclosed,
-      secret: copy as unknown as Secret,
+      disclosed: disclosed as Jsonify<Disclosed>,
+      secret: secret as Jsonify<Secret>,
     };
   }
 
diff --git a/libs/common/src/tools/generator/state/secret-key-definition.spec.ts b/libs/common/src/tools/generator/state/secret-key-definition.spec.ts
new file mode 100644
index 0000000000..7352631ff6
--- /dev/null
+++ b/libs/common/src/tools/generator/state/secret-key-definition.spec.ts
@@ -0,0 +1,208 @@
+import { GENERATOR_DISK } from "../../../platform/state";
+
+import { SecretClassifier } from "./secret-classifier";
+import { SecretKeyDefinition } from "./secret-key-definition";
+
+describe("SecretKeyDefinition", () => {
+  const classifier = SecretClassifier.allSecret<{ foo: boolean }>();
+  const options = { deserializer: (v: any) => v };
+
+  it("toEncryptedStateKey returns a key", () => {
+    const expectedOptions = {
+      deserializer: (v: any) => v,
+      cleanupDelayMs: 100,
+    };
+    const definition = SecretKeyDefinition.value(
+      GENERATOR_DISK,
+      "key",
+      classifier,
+      expectedOptions,
+    );
+    const expectedDeserializerResult = {} as any;
+
+    const result = definition.toEncryptedStateKey();
+    const deserializerResult = result.deserializer(expectedDeserializerResult);
+
+    expect(result.stateDefinition).toEqual(GENERATOR_DISK);
+    expect(result.key).toBe("key");
+    expect(result.cleanupDelayMs).toBe(expectedOptions.cleanupDelayMs);
+    expect(deserializerResult).toBe(expectedDeserializerResult);
+  });
+
+  describe("value", () => {
+    it("returns an initialized SecretKeyDefinition", () => {
+      const definition = SecretKeyDefinition.value(GENERATOR_DISK, "key", classifier, options);
+
+      expect(definition).toBeInstanceOf(SecretKeyDefinition);
+      expect(definition.stateDefinition).toBe(GENERATOR_DISK);
+      expect(definition.key).toBe("key");
+      expect(definition.classifier).toBe(classifier);
+    });
+
+    it("deconstruct returns an array with a single item", () => {
+      const definition = SecretKeyDefinition.value(GENERATOR_DISK, "key", classifier, options);
+      const value = { foo: true };
+
+      const result = definition.deconstruct(value);
+
+      expect(result).toEqual([[null, value]]);
+    });
+
+    it("reconstruct returns the inner value", () => {
+      const definition = SecretKeyDefinition.value(GENERATOR_DISK, "key", classifier, options);
+      const value = { foo: true };
+
+      const result = definition.reconstruct([[null, value]]);
+
+      expect(result).toBe(value);
+    });
+  });
+
+  describe("array", () => {
+    it("returns an initialized SecretKeyDefinition", () => {
+      const definition = SecretKeyDefinition.array(GENERATOR_DISK, "key", classifier, options);
+
+      expect(definition).toBeInstanceOf(SecretKeyDefinition);
+      expect(definition.stateDefinition).toBe(GENERATOR_DISK);
+      expect(definition.key).toBe("key");
+      expect(definition.classifier).toBe(classifier);
+    });
+
+    describe("deconstruct", () => {
+      it("over a 0-length array returns an empty array", () => {
+        const definition = SecretKeyDefinition.array(GENERATOR_DISK, "key", classifier, options);
+        const value: { foo: boolean }[] = [];
+
+        const result = definition.deconstruct(value);
+
+        expect(result).toStrictEqual([]);
+      });
+
+      it("over a 1-length array returns a pair of indices and values", () => {
+        const definition = SecretKeyDefinition.array(GENERATOR_DISK, "key", classifier, options);
+        const value = [{ foo: true }];
+
+        const result = definition.deconstruct(value);
+
+        expect(result).toStrictEqual([[0, value[0]]]);
+      });
+
+      it("over an n-length array returns n pairs of indices and values", () => {
+        const definition = SecretKeyDefinition.array(GENERATOR_DISK, "key", classifier, options);
+        const value = [{ foo: true }, { foo: false }];
+
+        const result = definition.deconstruct(value);
+
+        expect(result).toStrictEqual([
+          [0, value[0]],
+          [1, value[1]],
+        ]);
+      });
+    });
+
+    describe("deconstruct", () => {
+      it("over a 0-length array of entries returns an empty array", () => {
+        const definition = SecretKeyDefinition.array(GENERATOR_DISK, "key", classifier, options);
+
+        const result = definition.reconstruct([]);
+
+        expect(result).toStrictEqual([]);
+      });
+
+      it("over a 1-length array of entries returns a 1-length array", () => {
+        const definition = SecretKeyDefinition.array(GENERATOR_DISK, "key", classifier, options);
+        const value = [{ foo: true }];
+
+        const result = definition.reconstruct([[0, value[0]]]);
+
+        expect(result).toStrictEqual(value);
+      });
+
+      it("over an n-length array of entries returns an n-length array", () => {
+        const definition = SecretKeyDefinition.array(GENERATOR_DISK, "key", classifier, options);
+        const value = [{ foo: true }, { foo: false }];
+
+        const result = definition.reconstruct([
+          [0, value[0]],
+          [1, value[1]],
+        ]);
+
+        expect(result).toStrictEqual(value);
+      });
+    });
+  });
+
+  describe("record", () => {
+    it("returns an initialized SecretKeyDefinition", () => {
+      const definition = SecretKeyDefinition.record(GENERATOR_DISK, "key", classifier, options);
+
+      expect(definition).toBeInstanceOf(SecretKeyDefinition);
+      expect(definition.stateDefinition).toBe(GENERATOR_DISK);
+      expect(definition.key).toBe("key");
+      expect(definition.classifier).toBe(classifier);
+    });
+
+    describe("deconstruct", () => {
+      it("over a 0-key record returns an empty array", () => {
+        const definition = SecretKeyDefinition.record(GENERATOR_DISK, "key", classifier, options);
+        const value: Record<string, { foo: boolean }> = {};
+
+        const result = definition.deconstruct(value);
+
+        expect(result).toStrictEqual([]);
+      });
+
+      it("over a 1-key record returns a pair of indices and values", () => {
+        const definition = SecretKeyDefinition.record(GENERATOR_DISK, "key", classifier, options);
+        const value = { foo: { foo: true } };
+
+        const result = definition.deconstruct(value);
+
+        expect(result).toStrictEqual([["foo", value["foo"]]]);
+      });
+
+      it("over an n-key record returns n pairs of indices and values", () => {
+        const definition = SecretKeyDefinition.record(GENERATOR_DISK, "key", classifier, options);
+        const value = { foo: { foo: true }, bar: { foo: false } };
+
+        const result = definition.deconstruct(value);
+
+        expect(result).toStrictEqual([
+          ["foo", value["foo"]],
+          ["bar", value["bar"]],
+        ]);
+      });
+    });
+
+    describe("deconstruct", () => {
+      it("over a 0-key record of entries returns an empty array", () => {
+        const definition = SecretKeyDefinition.record(GENERATOR_DISK, "key", classifier, options);
+
+        const result = definition.reconstruct([]);
+
+        expect(result).toStrictEqual({});
+      });
+
+      it("over a 1-key record of entries returns a 1-length record", () => {
+        const definition = SecretKeyDefinition.record(GENERATOR_DISK, "key", classifier, options);
+        const value = { foo: { foo: true } };
+
+        const result = definition.reconstruct([["foo", value["foo"]]]);
+
+        expect(result).toStrictEqual(value);
+      });
+
+      it("over an n-key record of entries returns an n-length record", () => {
+        const definition = SecretKeyDefinition.record(GENERATOR_DISK, "key", classifier, options);
+        const value = { foo: { foo: true }, bar: { foo: false } };
+
+        const result = definition.reconstruct([
+          ["foo", value["foo"]],
+          ["bar", value["bar"]],
+        ]);
+
+        expect(result).toStrictEqual(value);
+      });
+    });
+  });
+});
diff --git a/libs/common/src/tools/generator/state/secret-key-definition.ts b/libs/common/src/tools/generator/state/secret-key-definition.ts
new file mode 100644
index 0000000000..0de59be624
--- /dev/null
+++ b/libs/common/src/tools/generator/state/secret-key-definition.ts
@@ -0,0 +1,107 @@
+import { KeyDefinition, KeyDefinitionOptions } from "../../../platform/state";
+// eslint-disable-next-line -- `StateDefinition` used as an argument
+import { StateDefinition } from "../../../platform/state/state-definition";
+import { ClassifiedFormat } from "./classified-format";
+import { SecretClassifier } from "./secret-classifier";
+
+/** Encryption and storage settings for data stored by a `SecretState`.
+ */
+export class SecretKeyDefinition<Outer, Id, Inner extends object, Disclosed, Secret> {
+  private constructor(
+    readonly stateDefinition: StateDefinition,
+    readonly key: string,
+    readonly classifier: SecretClassifier<Inner, Disclosed, Secret>,
+    readonly options: KeyDefinitionOptions<Inner>,
+    // type erasure is necessary here because typescript doesn't support
+    // higher kinded types that generalize over collections. The invariants
+    // needed to make this typesafe are maintained by the static factories.
+    readonly deconstruct: (value: any) => [Id, any][],
+    readonly reconstruct: ([inners, ids]: (readonly [Id, any])[]) => Outer,
+  ) {}
+
+  /** Converts the secret key to the `KeyDefinition` used for secret storage. */
+  toEncryptedStateKey() {
+    const secretKey = new KeyDefinition<ClassifiedFormat<Id, Disclosed>[]>(
+      this.stateDefinition,
+      this.key,
+      {
+        cleanupDelayMs: this.options.cleanupDelayMs,
+        deserializer: (jsonValue) => jsonValue as ClassifiedFormat<Id, Disclosed>[],
+      },
+    );
+
+    return secretKey;
+  }
+
+  /**
+   * Define a secret state for a single value
+   * @param stateDefinition The domain of the secret's durable state.
+   * @param key Domain key that identifies the stored value. This key must not be reused
+   *    in any capacity.
+   * @param classifier Partitions the value into encrypted, discarded, and public data.
+   * @param options Configures the operation of the secret state.
+   */
+  static value<Value extends object, Disclosed, Secret>(
+    stateDefinition: StateDefinition,
+    key: string,
+    classifier: SecretClassifier<Value, Disclosed, Secret>,
+    options: KeyDefinitionOptions<Value>,
+  ) {
+    return new SecretKeyDefinition<Value, void, Value, Disclosed, Secret>(
+      stateDefinition,
+      key,
+      classifier,
+      options,
+      (value) => [[null, value]],
+      ([[, inner]]) => inner,
+    );
+  }
+
+  /**
+   * Define a secret state for an array of values. Each item is encrypted separately.
+   * @param stateDefinition The domain of the secret's durable state.
+   * @param key Domain key that identifies the stored items. This key must not be reused
+   *    in any capacity.
+   * @param classifier Partitions each item into encrypted, discarded, and public data.
+   * @param options Configures the operation of the secret state.
+   */
+  static array<Item extends object, Disclosed, Secret>(
+    stateDefinition: StateDefinition,
+    key: string,
+    classifier: SecretClassifier<Item, Disclosed, Secret>,
+    options: KeyDefinitionOptions<Item>,
+  ) {
+    return new SecretKeyDefinition<Item[], number, Item, Disclosed, Secret>(
+      stateDefinition,
+      key,
+      classifier,
+      options,
+      (value) => value.map((v: any, id: number) => [id, v]),
+      (values) => values.map(([, v]) => v),
+    );
+  }
+
+  /**
+   * Define a secret state for a record. Each property is encrypted separately.
+   * @param stateDefinition The domain of the secret's durable state.
+   * @param key Domain key that identifies the stored properties. This key must not be reused
+   *    in any capacity.
+   * @param classifier Partitions each property into encrypted, discarded, and public data.
+   * @param options Configures the operation of the secret state.
+   */
+  static record<Item extends object, Disclosed, Secret, Id extends string | number>(
+    stateDefinition: StateDefinition,
+    key: string,
+    classifier: SecretClassifier<Item, Disclosed, Secret>,
+    options: KeyDefinitionOptions<Item>,
+  ) {
+    return new SecretKeyDefinition<Record<Id, Item>, Id, Item, Disclosed, Secret>(
+      stateDefinition,
+      key,
+      classifier,
+      options,
+      (value) => Object.entries(value) as [Id, Item][],
+      (values) => Object.fromEntries(values) as Record<Id, Item>,
+    );
+  }
+}
diff --git a/libs/common/src/tools/generator/state/secret-state.spec.ts b/libs/common/src/tools/generator/state/secret-state.spec.ts
index d4804fdb9b..1f5e14dde9 100644
--- a/libs/common/src/tools/generator/state/secret-state.spec.ts
+++ b/libs/common/src/tools/generator/state/secret-state.spec.ts
@@ -9,15 +9,18 @@ import {
   awaitAsync,
 } from "../../../../spec";
 import { EncString } from "../../../platform/models/domain/enc-string";
-import { KeyDefinition, GENERATOR_DISK } from "../../../platform/state";
+import { GENERATOR_DISK } from "../../../platform/state";
 import { UserId } from "../../../types/guid";
 
+import { SecretClassifier } from "./secret-classifier";
+import { SecretKeyDefinition } from "./secret-key-definition";
 import { SecretState } from "./secret-state";
 import { UserEncryptor } from "./user-encryptor.abstraction";
 
 type FooBar = { foo: boolean; bar: boolean; date?: Date };
-const FOOBAR_KEY = new KeyDefinition<FooBar>(GENERATOR_DISK, "fooBar", {
-  deserializer: (fb) => {
+const classifier = SecretClassifier.allSecret<FooBar>();
+const options: any = {
+  deserializer: (fb: FooBar) => {
     const result: FooBar = { foo: fb.foo, bar: fb.bar };
 
     if (fb.date) {
@@ -26,29 +29,33 @@ const FOOBAR_KEY = new KeyDefinition<FooBar>(GENERATOR_DISK, "fooBar", {
 
     return result;
   },
-});
+};
+const FOOBAR_VALUE = SecretKeyDefinition.value(GENERATOR_DISK, "fooBar", classifier, options);
+const FOOBAR_ARRAY = SecretKeyDefinition.array(GENERATOR_DISK, "fooBar", classifier, options);
+const FOOBAR_RECORD = SecretKeyDefinition.record(GENERATOR_DISK, "fooBar", classifier, options);
+
 const SomeUser = "some user" as UserId;
 
-function mockEncryptor(fooBar: FooBar[] = []): UserEncryptor<FooBar, Record<string, never>> {
+function mockEncryptor<T>(fooBar: T[] = []): UserEncryptor {
   // stores "encrypted values" so that they can be "decrypted" later
   // while allowing the operations to be interleaved.
   const encrypted = new Map<string, Jsonify<FooBar>>(
-    fooBar.map((fb) => [toKey(fb).encryptedString, toValue(fb)] as const),
+    fooBar.map((fb) => [toKey(fb as any).encryptedString, toValue(fb)] as const),
   );
 
-  const result = mock<UserEncryptor<FooBar, Record<string, never>>>({
-    encrypt(value: FooBar, user: UserId) {
-      const encString = toKey(value);
+  const result = mock<UserEncryptor>({
+    encrypt<T>(value: Jsonify<T>, user: UserId) {
+      const encString = toKey(value as any);
       encrypted.set(encString.encryptedString, toValue(value));
-      return Promise.resolve({ secret: encString, disclosed: {} });
+      return Promise.resolve(encString);
     },
-    decrypt(secret: EncString, disclosed: Record<string, never>, userId: UserId) {
-      const decString = encrypted.get(toValue(secret.encryptedString));
-      return Promise.resolve(decString);
+    decrypt(secret: EncString, userId: UserId) {
+      const decValue = encrypted.get(secret.encryptedString);
+      return Promise.resolve(decValue as any);
     },
   });
 
-  function toKey(value: FooBar) {
+  function toKey(value: Jsonify<T>) {
     // `stringify` is only relevant for its uniqueness as a key
     // to `encrypted`.
     return makeEncString(JSON.stringify(value));
@@ -59,9 +66,9 @@ function mockEncryptor(fooBar: FooBar[] = []): UserEncryptor<FooBar, Record<stri
     return JSON.parse(JSON.stringify(value));
   }
 
-  // chromatic pops a false positive about missing `encrypt` and `decrypt`
+  // typescript pops a false positive about missing `encrypt` and `decrypt`
   // functions, so assert the type manually.
-  return result as unknown as UserEncryptor<FooBar, Record<string, never>>;
+  return result as unknown as UserEncryptor;
 }
 
 async function fakeStateProvider() {
@@ -70,13 +77,13 @@ async function fakeStateProvider() {
   return stateProvider;
 }
 
-describe("UserEncryptor", () => {
+describe("SecretState", () => {
   describe("from", () => {
     it("returns a state store", async () => {
       const provider = await fakeStateProvider();
       const encryptor = mockEncryptor();
 
-      const result = SecretState.from(SomeUser, FOOBAR_KEY, provider, encryptor);
+      const result = SecretState.from(SomeUser, FOOBAR_VALUE, provider, encryptor);
 
       expect(result).toBeInstanceOf(SecretState);
     });
@@ -87,7 +94,7 @@ describe("UserEncryptor", () => {
       const provider = await fakeStateProvider();
       const encryptor = mockEncryptor();
 
-      const state = SecretState.from(SomeUser, FOOBAR_KEY, provider, encryptor);
+      const state = SecretState.from(SomeUser, FOOBAR_VALUE, provider, encryptor);
 
       expect(state.userId).toEqual(SomeUser);
     });
@@ -95,7 +102,7 @@ describe("UserEncryptor", () => {
     it("state$ gets a set value", async () => {
       const provider = await fakeStateProvider();
       const encryptor = mockEncryptor();
-      const state = SecretState.from(SomeUser, FOOBAR_KEY, provider, encryptor);
+      const state = SecretState.from(SomeUser, FOOBAR_VALUE, provider, encryptor);
       const value = { foo: true, bar: false };
 
       await state.update(() => value);
@@ -105,10 +112,55 @@ describe("UserEncryptor", () => {
       expect(result).toEqual(value);
     });
 
+    it("round-trips json-serializable values", async () => {
+      const provider = await fakeStateProvider();
+      const encryptor = mockEncryptor();
+      const state = SecretState.from(SomeUser, FOOBAR_VALUE, provider, encryptor);
+      const value = { foo: true, bar: true, date: new Date(1) };
+
+      await state.update(() => value);
+      await awaitAsync();
+      const result = await firstValueFrom(state.state$);
+
+      expect(result).toEqual(value);
+    });
+
+    it("state$ gets a set array", async () => {
+      const provider = await fakeStateProvider();
+      const encryptor = mockEncryptor();
+      const state = SecretState.from(SomeUser, FOOBAR_ARRAY, provider, encryptor);
+      const array = [
+        { foo: true, bar: false, date: new Date(1) },
+        { foo: false, bar: true },
+      ];
+
+      await state.update(() => array);
+      await awaitAsync();
+      const result = await firstValueFrom(state.state$);
+
+      expect(result).toStrictEqual(array);
+    });
+
+    it("state$ gets a set record", async () => {
+      const provider = await fakeStateProvider();
+      const encryptor = mockEncryptor();
+      const state = SecretState.from(SomeUser, FOOBAR_RECORD, provider, encryptor);
+      const record = {
+        baz: { foo: true, bar: false, date: new Date(1) },
+        biz: { foo: false, bar: true },
+      };
+
+      await state.update(() => record);
+      await awaitAsync();
+      const result = await firstValueFrom(state.state$);
+
+      expect(result).toStrictEqual(record);
+    });
+
     it("combinedState$ gets a set value with the userId", async () => {
       const provider = await fakeStateProvider();
       const encryptor = mockEncryptor();
-      const state = SecretState.from(SomeUser, FOOBAR_KEY, provider, encryptor);
+      const state = SecretState.from(SomeUser, FOOBAR_VALUE, provider, encryptor);
       const value = { foo: true, bar: false };
 
       await state.update(() => value);
@@ -119,23 +171,10 @@ describe("UserEncryptor", () => {
       expect(userId).toEqual(SomeUser);
     });
 
-    it("round-trips json-serializable values", async () => {
-      const provider = await fakeStateProvider();
-      const encryptor = mockEncryptor();
-      const state = SecretState.from(SomeUser, FOOBAR_KEY, provider, encryptor);
-      const value = { foo: true, bar: true, date: new Date(1) };
-
-      await state.update(() => value);
-      await awaitAsync();
-      const result = await firstValueFrom(state.state$);
-
-      expect(result).toEqual(value);
-    });
-
     it("gets the last set value", async () => {
       const provider = await fakeStateProvider();
       const encryptor = mockEncryptor();
-      const state = SecretState.from(SomeUser, FOOBAR_KEY, provider, encryptor);
+      const state = SecretState.from(SomeUser, FOOBAR_VALUE, provider, encryptor);
       const initialValue = { foo: true, bar: false };
       const replacementValue = { foo: false, bar: false };
 
@@ -150,7 +189,7 @@ describe("UserEncryptor", () => {
     it("interprets shouldUpdate option", async () => {
       const provider = await fakeStateProvider();
       const encryptor = mockEncryptor();
-      const state = SecretState.from(SomeUser, FOOBAR_KEY, provider, encryptor);
+      const state = SecretState.from(SomeUser, FOOBAR_VALUE, provider, encryptor);
       const initialValue = { foo: true, bar: false };
       const replacementValue = { foo: false, bar: false };
 
@@ -164,7 +203,7 @@ describe("UserEncryptor", () => {
     it("sets the state to `null` when `update` returns `null`", async () => {
       const provider = await fakeStateProvider();
       const encryptor = mockEncryptor();
-      const state = SecretState.from(SomeUser, FOOBAR_KEY, provider, encryptor);
+      const state = SecretState.from(SomeUser, FOOBAR_VALUE, provider, encryptor);
       const value = { foo: true, bar: false };
 
       await state.update(() => value);
@@ -178,7 +217,7 @@ describe("UserEncryptor", () => {
     it("sets the state to `null` when `update` returns `undefined`", async () => {
       const provider = await fakeStateProvider();
       const encryptor = mockEncryptor();
-      const state = SecretState.from(SomeUser, FOOBAR_KEY, provider, encryptor);
+      const state = SecretState.from(SomeUser, FOOBAR_VALUE, provider, encryptor);
       const value = { foo: true, bar: false };
 
       await state.update(() => value);
@@ -192,7 +231,7 @@ describe("UserEncryptor", () => {
     it("sends rxjs observables into the shouldUpdate method", async () => {
       const provider = await fakeStateProvider();
       const encryptor = mockEncryptor();
-      const state = SecretState.from(SomeUser, FOOBAR_KEY, provider, encryptor);
+      const state = SecretState.from(SomeUser, FOOBAR_VALUE, provider, encryptor);
       const combinedWith$ = from([1]);
       let combinedShouldUpdate = 0;
 
@@ -210,7 +249,7 @@ describe("UserEncryptor", () => {
     it("sends rxjs observables into the update method", async () => {
       const provider = await fakeStateProvider();
       const encryptor = mockEncryptor();
-      const state = SecretState.from(SomeUser, FOOBAR_KEY, provider, encryptor);
+      const state = SecretState.from(SomeUser, FOOBAR_VALUE, provider, encryptor);
       const combinedWith$ = from([1]);
       let combinedUpdate = 0;
 
diff --git a/libs/common/src/tools/generator/state/secret-state.ts b/libs/common/src/tools/generator/state/secret-state.ts
index 62855c3280..dc4ee119a6 100644
--- a/libs/common/src/tools/generator/state/secret-state.ts
+++ b/libs/common/src/tools/generator/state/secret-state.ts
@@ -1,11 +1,7 @@
-import { Observable, concatMap, of, zip, map } from "rxjs";
-import { Jsonify } from "type-fest";
+import { Observable, map, concatMap, share, ReplaySubject, timer } from "rxjs";
 
 import { EncString } from "../../../platform/models/domain/enc-string";
 import {
-  DeriveDefinition,
-  DerivedState,
-  KeyDefinition,
   SingleUserState,
   StateProvider,
   StateUpdateOptions,
@@ -13,22 +9,11 @@ import {
 } from "../../../platform/state";
 import { UserId } from "../../../types/guid";
 
+import { ClassifiedFormat } from "./classified-format";
+import { SecretKeyDefinition } from "./secret-key-definition";
 import { UserEncryptor } from "./user-encryptor.abstraction";
 
-/** Describes the structure of data stored by the SecretState's
- *  encrypted state. Notably, this interface ensures that `Disclosed`
- *  round trips through JSON serialization.
- */
-type ClassifiedFormat<Disclosed> = {
-  /** Serialized {@link EncString} of the secret state's
-   *  secret-level classified data.
-   */
-  secret: string;
-  /** serialized representation of the secret state's
-   * disclosed-level classified data.
-   */
-  disclosed: Jsonify<Disclosed>;
-};
+const ONE_MINUTE = 1000 * 60;
 
 /** Stores account-specific secrets protected by a UserKeyEncryptor.
  *
@@ -38,33 +23,51 @@ type ClassifiedFormat<Disclosed> = {
  *
  *  DO NOT USE THIS for synchronized data.
  */
-export class SecretState<Plaintext extends object, Disclosed>
-  implements SingleUserState<Plaintext>
+export class SecretState<Outer, Id, Plaintext extends object, Disclosed, Secret>
+  implements SingleUserState<Outer>
 {
   // The constructor is private to avoid creating a circular dependency when
   // wiring the derived and secret states together.
   private constructor(
-    private readonly encryptor: UserEncryptor<Plaintext, Disclosed>,
-    private readonly encrypted: SingleUserState<ClassifiedFormat<Disclosed>>,
-    private readonly plaintext: DerivedState<Plaintext>,
+    private readonly key: SecretKeyDefinition<Outer, Id, Plaintext, Disclosed, Secret>,
+    private readonly encryptor: UserEncryptor,
+    userId: UserId,
+    provider: StateProvider,
   ) {
-    this.state$ = plaintext.state$;
-    this.combinedState$ = plaintext.state$.pipe(map((state) => [this.encrypted.userId, state]));
+    // construct the backing store
+    this.encryptedState = provider.getUser(userId, key.toEncryptedStateKey());
+
+    // cache plaintext
+    this.combinedState$ = this.encryptedState.combinedState$.pipe(
+      concatMap(
+        async ([userId, state]) => [userId, await this.declassifyAll(state)] as [UserId, Outer],
+      ),
+      share({
+        connector: () => {
+          return new ReplaySubject<[UserId, Outer]>(1);
+        },
+        resetOnRefCountZero: () => timer(key.options.cleanupDelayMs ?? ONE_MINUTE),
+      }),
+    );
+
+    this.state$ = this.combinedState$.pipe(map(([, state]) => state));
   }
 
+  private readonly encryptedState: SingleUserState<ClassifiedFormat<Id, Disclosed>[]>;
+
   /** {@link SingleUserState.userId} */
   get userId() {
-    return this.encrypted.userId;
+    return this.encryptedState.userId;
   }
 
   /** Observes changes to the decrypted secret state. The observer
    *  updates after the secret has been recorded to state storage.
    *  @returns `undefined` when the account is locked.
    */
-  readonly state$: Observable<Plaintext>;
+  readonly state$: Observable<Outer>;
 
   /** {@link SingleUserState.combinedState$} */
-  readonly combinedState$: Observable<CombinedState<Plaintext>>;
+  readonly combinedState$: Observable<CombinedState<Outer>>;
 
   /** Creates a secret state bound to an account encryptor. The account must be unlocked
    *  when this method is called.
@@ -78,52 +81,75 @@ export class SecretState<Plaintext extends object, Disclosed>
    *    encrypted, and stored in a `secret` property. Disclosed-classification data is stored
    *    in a `disclosed` property. Omitted-classification data is not stored.
    */
-  static from<TFrom extends object, Disclosed>(
+  static from<Outer, Id, TFrom extends object, Disclosed, Secret>(
     userId: UserId,
-    key: KeyDefinition<TFrom>,
+    key: SecretKeyDefinition<Outer, Id, TFrom, Disclosed, Secret>,
     provider: StateProvider,
-    encryptor: UserEncryptor<TFrom, Disclosed>,
+    encryptor: UserEncryptor,
   ) {
-    // construct encrypted backing store while avoiding collisions between the derived key and the
-    // backing storage key.
-    const secretKey = new KeyDefinition<ClassifiedFormat<Disclosed>>(key.stateDefinition, key.key, {
-      cleanupDelayMs: key.cleanupDelayMs,
-      // FIXME: When the fakes run deserializers and serialization can be guaranteed through
-      // state providers, decode `jsonValue.secret` instead of it running in `derive`.
-      deserializer: (jsonValue) => jsonValue as ClassifiedFormat<Disclosed>,
-    });
-    const encryptedState = provider.getUser(userId, secretKey);
-
-    // construct plaintext store
-    const plaintextDefinition = DeriveDefinition.from<ClassifiedFormat<Disclosed>, TFrom>(
-      secretKey,
-      {
-        derive: async (from) => {
-          // fail fast if there's no value
-          if (from === null || from === undefined) {
-            return null;
-          }
-
-          // otherwise forward the decrypted data to the caller's derive implementation
-          const secret = EncString.fromJSON(from.secret);
-          const decrypted = await encryptor.decrypt(secret, from.disclosed, encryptedState.userId);
-          const result = key.deserializer(decrypted) as TFrom;
-
-          return result;
-        },
-        // wire in the caller's deserializer for memory serialization
-        deserializer: key.deserializer,
-        // cache the decrypted data in memory
-        cleanupDelayMs: key.cleanupDelayMs,
-      },
-    );
-    const plaintextState = provider.getDerived(encryptedState.state$, plaintextDefinition, null);
-
-    // wrap the encrypted and plaintext states in a `SecretState` facade
-    const secretState = new SecretState(encryptor, encryptedState, plaintextState);
+    const secretState = new SecretState(key, encryptor, userId, provider);
     return secretState;
   }
 
+  private async declassifyItem({ id, secret, disclosed }: ClassifiedFormat<Id, Disclosed>) {
+    const encrypted = EncString.fromJSON(secret);
+    const decrypted = await this.encryptor.decrypt(encrypted, this.encryptedState.userId);
+
+    const declassified = this.key.classifier.declassify(disclosed, decrypted);
+    const result = [id, this.key.options.deserializer(declassified)] as const;
+
+    return result;
+  }
+
+  private async declassifyAll(data: ClassifiedFormat<Id, Disclosed>[]) {
+    // fail fast if there's no value
+    if (data === null || data === undefined) {
+      return null;
+    }
+
+    // decrypt each item
+    const decryptTasks = data.map(async (item) => this.declassifyItem(item));
+
+    // reconstruct expected type
+    const results = await Promise.all(decryptTasks);
+    const result = this.key.reconstruct(results);
+
+    return result;
+  }
+
+  private async classifyItem([id, item]: [Id, Plaintext]) {
+    const classified = this.key.classifier.classify(item);
+    const encrypted = await this.encryptor.encrypt(classified.secret, this.encryptedState.userId);
+
+    // the deserializer in the plaintextState's `derive` configuration always runs, but
+    // `encryptedState` is not guaranteed to serialize the data, so it's necessary to
+    // round-trip `encrypted` proactively.
+    const serialized = {
+      id,
+      secret: JSON.parse(JSON.stringify(encrypted)),
+      disclosed: classified.disclosed,
+    } as ClassifiedFormat<Id, Disclosed>;
+
+    return serialized;
+  }
+
+  private async classifyAll(data: Outer) {
+    // fail fast if there's no value
+    if (data === null || data === undefined) {
+      return null;
+    }
+
+    // convert the object to a list format so that all encrypt and decrypt
+    // operations are self-similar
+    const desconstructed = this.key.deconstruct(data);
+
+    // encrypt each value individually
+    const classifyTasks = desconstructed.map(async (item) => this.classifyItem(item));
+    const classified = await Promise.all(classifyTasks);
+
+    return classified;
+  }
+
   /** Updates the secret stored by this state.
    *  @param configureState a callback that returns an updated decrypted
    *   secret state. The callback receives the state's present value as its
@@ -138,67 +164,33 @@ export class SecretState<Plaintext extends object, Disclosed>
    *   they can be lost when the secret state updates its backing store.
    */
   async update<TCombine>(
-    configureState: (state: Plaintext, dependencies: TCombine) => Plaintext,
-    options: StateUpdateOptions<Plaintext, TCombine> = null,
-  ): Promise<Plaintext> {
-    // reactively grab the latest state from the caller. `zip` requires each
-    // observable has a value, so `combined$` provides a default if necessary.
-    const combined$ = options?.combineLatestWith ?? of(undefined);
-    const newState$ = zip(this.plaintext.state$, combined$).pipe(
-      concatMap(([currentState, combined]) =>
-        this.prepareCryptoState(
-          currentState,
-          () => options?.shouldUpdate?.(currentState, combined) ?? true,
-          () => configureState(currentState, combined),
-        ),
-      ),
-    );
-
-    // update the backing store
-    let latestValue: Plaintext = null;
-    await this.encrypted.update((_, [, newStoredState]) => newStoredState, {
-      combineLatestWith: newState$,
-      shouldUpdate: (_, [shouldUpdate, , newState]) => {
-        // need to grab the latest value from the closure since the derived state
-        // could return its cached value, and this must be done in `shouldUpdate`
-        // because `configureState` may not run.
-        latestValue = newState;
-        return shouldUpdate;
+    configureState: (state: Outer, dependencies: TCombine) => Outer,
+    options: StateUpdateOptions<Outer, TCombine> = null,
+  ): Promise<Outer> {
+    // read the backing store
+    let latestClassified: ClassifiedFormat<Id, Disclosed>[];
+    let latestCombined: TCombine;
+    await this.encryptedState.update((c) => c, {
+      shouldUpdate: (latest, combined) => {
+        latestClassified = latest;
+        latestCombined = combined;
+        return false;
       },
+      combineLatestWith: options?.combineLatestWith,
     });
 
-    return latestValue;
-  }
-
-  private async prepareCryptoState(
-    currentState: Plaintext,
-    shouldUpdate: () => boolean,
-    configureState: () => Plaintext,
-  ): Promise<[boolean, ClassifiedFormat<Disclosed>, Plaintext]> {
-    // determine whether an update is necessary
-    if (!shouldUpdate()) {
-      return [false, undefined, currentState];
+    // exit early if there's no update to apply
+    const latestDeclassified = await this.declassifyAll(latestClassified);
+    const shouldUpdate = options?.shouldUpdate?.(latestDeclassified, latestCombined) ?? true;
+    if (!shouldUpdate) {
+      return latestDeclassified;
     }
 
-    // calculate the update
-    const newState = configureState();
-    if (newState === null || newState === undefined) {
-      return [true, newState as any, newState];
-    }
+    // apply the update
+    const updatedDeclassified = configureState(latestDeclassified, latestCombined);
+    const updatedClassified = await this.classifyAll(updatedDeclassified);
+    await this.encryptedState.update(() => updatedClassified);
 
-    // the encrypt format *is* the storage format, so if the shape of that data changes,
-    // this needs to map it explicitly for compatibility purposes.
-    const newStoredState = await this.encryptor.encrypt(newState, this.encrypted.userId);
-
-    // the deserializer in the plaintextState's `derive` configuration always runs, but
-    // `encryptedState` is not guaranteed to serialize the data, so it's necessary to
-    // round-trip it proactively. This will cause some duplicate work in those situations
-    // where the backing store does deserialize the data.
-    //
-    // FIXME: Once there's a backing store configuration setting guaranteeing serialization,
-    // remove this code and configure the backing store as appropriate.
-    const serializedState = JSON.parse(JSON.stringify(newStoredState));
-
-    return [true, serializedState, newState];
+    return updatedDeclassified;
   }
 }
diff --git a/libs/common/src/tools/generator/state/user-encryptor.abstraction.ts b/libs/common/src/tools/generator/state/user-encryptor.abstraction.ts
index 88a8bbe589..76539a0edf 100644
--- a/libs/common/src/tools/generator/state/user-encryptor.abstraction.ts
+++ b/libs/common/src/tools/generator/state/user-encryptor.abstraction.ts
@@ -7,9 +7,9 @@ import { UserId } from "../../../types/guid";
  *  user-specific information. The specific kind of information is
  *  determined by the classification strategy.
  */
-export abstract class UserEncryptor<State extends object, Disclosed> {
+export abstract class UserEncryptor {
   /** Protects secrets in `value` with a user-specific key.
-   *  @param value the object to protect. This object is mutated during encryption.
+   *  @param secret the object to protect. This object is mutated during encryption.
    *  @param userId identifies the user-specific information used to protect
    *    the secret.
    *  @returns a promise that resolves to a tuple. The tuple's first property contains
@@ -17,15 +17,11 @@ export abstract class UserEncryptor<State extends object, Disclosed> {
    *    properties.
    *   @throws If `value` is `null` or `undefined`, the promise rejects with an error.
    */
-  abstract encrypt(
-    value: State,
-    userId: UserId,
-  ): Promise<{ secret: EncString; disclosed: Disclosed }>;
+  abstract encrypt<Secret>(secret: Jsonify<Secret>, userId: UserId): Promise<EncString>;
 
   /** Combines protected secrets and disclosed data into a type that can be
    *  rehydrated into a domain object.
-   *  @param secret an encrypted JSON payload containing State's secrets.
-   *  @param disclosed a data object containing State's disclosed properties.
+   *  @param secret an encrypted JSON payload containing encrypted secrets.
    *  @param userId identifies the user-specific information used to protect
    *    the secret.
    *  @returns a promise that resolves to the raw state. This state *is not* a
@@ -34,9 +30,5 @@ export abstract class UserEncryptor<State extends object, Disclosed> {
    *  @throws If `secret` or `disclosed` is `null` or `undefined`, the promise
    *    rejects with an error.
    */
-  abstract decrypt(
-    secret: EncString,
-    disclosed: Jsonify<Disclosed>,
-    userId: UserId,
-  ): Promise<Jsonify<State>>;
+  abstract decrypt<Secret>(secret: EncString, userId: UserId): Promise<Jsonify<Secret>>;
 }
diff --git a/libs/common/src/tools/generator/state/user-key-encryptor.spec.ts b/libs/common/src/tools/generator/state/user-key-encryptor.spec.ts
index e91cbe6b6b..072f7bd8f3 100644
--- a/libs/common/src/tools/generator/state/user-key-encryptor.spec.ts
+++ b/libs/common/src/tools/generator/state/user-key-encryptor.spec.ts
@@ -9,7 +9,6 @@ import { UserId } from "../../../types/guid";
 import { UserKey } from "../../../types/key";
 
 import { DataPacker } from "./data-packer.abstraction";
-import { SecretClassifier } from "./secret-classifier";
 import { UserKeyEncryptor } from "./user-key-encryptor";
 
 describe("UserKeyEncryptor", () => {
@@ -38,103 +37,75 @@ describe("UserKeyEncryptor", () => {
 
   describe("encrypt", () => {
     it("should throw if value was not supplied", async () => {
-      const classifier = SecretClassifier.allSecret<object>();
-      const encryptor = new UserKeyEncryptor(encryptService, keyService, classifier, dataPacker);
+      const encryptor = new UserKeyEncryptor(encryptService, keyService, dataPacker);
 
-      await expect(encryptor.encrypt(null, anyUserId)).rejects.toThrow(
-        "value cannot be null or undefined",
+      await expect(encryptor.encrypt<Record<string, never>>(null, anyUserId)).rejects.toThrow(
+        "secret cannot be null or undefined",
       );
-      await expect(encryptor.encrypt(undefined, anyUserId)).rejects.toThrow(
-        "value cannot be null or undefined",
+      await expect(encryptor.encrypt<Record<string, never>>(undefined, anyUserId)).rejects.toThrow(
+        "secret cannot be null or undefined",
       );
     });
 
     it("should throw if userId was not supplied", async () => {
-      const classifier = SecretClassifier.allSecret<object>();
-      const encryptor = new UserKeyEncryptor(encryptService, keyService, classifier, dataPacker);
+      const encryptor = new UserKeyEncryptor(encryptService, keyService, dataPacker);
 
-      await expect(encryptor.encrypt({} as any, null)).rejects.toThrow(
+      await expect(encryptor.encrypt({}, null)).rejects.toThrow(
         "userId cannot be null or undefined",
       );
-      await expect(encryptor.encrypt({} as any, undefined)).rejects.toThrow(
+      await expect(encryptor.encrypt({}, undefined)).rejects.toThrow(
         "userId cannot be null or undefined",
       );
     });
 
-    it("should classify data into a disclosed value and an encrypted packed value using the user's key", async () => {
-      const classifier = SecretClassifier.allSecret<object>();
-      const classifierClassify = jest.spyOn(classifier, "classify");
-      const disclosed = {} as any;
-      const secret = {} as any;
-      classifierClassify.mockReturnValue({ disclosed, secret });
-
-      const encryptor = new UserKeyEncryptor(encryptService, keyService, classifier, dataPacker);
+    it("should encrypt a packed value using the user's key", async () => {
+      const encryptor = new UserKeyEncryptor(encryptService, keyService, dataPacker);
       const value = { foo: true };
 
       const result = await encryptor.encrypt(value, anyUserId);
 
-      expect(classifierClassify).toHaveBeenCalledWith(value);
+      // these are data flow expectations; the operations all all pass-through mocks
       expect(keyService.getUserKey).toHaveBeenCalledWith(anyUserId);
-      expect(dataPacker.pack).toHaveBeenCalledWith(secret);
-      expect(encryptService.encrypt).toHaveBeenCalledWith(secret, userKey);
-      expect(result.secret).toBe(secret);
-      expect(result.disclosed).toBe(disclosed);
+      expect(dataPacker.pack).toHaveBeenCalledWith(value);
+      expect(encryptService.encrypt).toHaveBeenCalledWith(value, userKey);
+      expect(result).toBe(value);
     });
   });
 
   describe("decrypt", () => {
     it("should throw if secret was not supplied", async () => {
-      const classifier = SecretClassifier.allSecret<object>();
-      const encryptor = new UserKeyEncryptor(encryptService, keyService, classifier, dataPacker);
+      const encryptor = new UserKeyEncryptor(encryptService, keyService, dataPacker);
 
-      await expect(encryptor.decrypt(null, {} as any, anyUserId)).rejects.toThrow(
+      await expect(encryptor.decrypt(null, anyUserId)).rejects.toThrow(
         "secret cannot be null or undefined",
       );
-      await expect(encryptor.decrypt(undefined, {} as any, anyUserId)).rejects.toThrow(
+      await expect(encryptor.decrypt(undefined, anyUserId)).rejects.toThrow(
         "secret cannot be null or undefined",
       );
     });
 
-    it("should throw if disclosed was not supplied", async () => {
-      const classifier = SecretClassifier.allSecret<object>();
-      const encryptor = new UserKeyEncryptor(encryptService, keyService, classifier, dataPacker);
-
-      await expect(encryptor.decrypt({} as any, null, anyUserId)).rejects.toThrow(
-        "disclosed cannot be null or undefined",
-      );
-      await expect(encryptor.decrypt({} as any, undefined, anyUserId)).rejects.toThrow(
-        "disclosed cannot be null or undefined",
-      );
-    });
-
     it("should throw if userId was not supplied", async () => {
-      const classifier = SecretClassifier.allSecret<object>();
-      const encryptor = new UserKeyEncryptor(encryptService, keyService, classifier, dataPacker);
+      const encryptor = new UserKeyEncryptor(encryptService, keyService, dataPacker);
 
-      await expect(encryptor.decrypt({} as any, {} as any, null)).rejects.toThrow(
+      await expect(encryptor.decrypt({} as any, null)).rejects.toThrow(
         "userId cannot be null or undefined",
       );
-      await expect(encryptor.decrypt({} as any, {} as any, undefined)).rejects.toThrow(
+      await expect(encryptor.decrypt({} as any, undefined)).rejects.toThrow(
         "userId cannot be null or undefined",
       );
     });
 
     it("should declassify a decrypted packed value using the user's key", async () => {
-      const classifier = SecretClassifier.allSecret<object>();
-      const classifierDeclassify = jest.spyOn(classifier, "declassify");
-      const declassified = {} as any;
-      classifierDeclassify.mockReturnValue(declassified);
-      const encryptor = new UserKeyEncryptor(encryptService, keyService, classifier, dataPacker);
+      const encryptor = new UserKeyEncryptor(encryptService, keyService, dataPacker);
       const secret = "encrypted" as any;
-      const disclosed = {} as any;
 
-      const result = await encryptor.decrypt(secret, disclosed, anyUserId);
+      const result = await encryptor.decrypt(secret, anyUserId);
 
+      // these are data flow expectations; the operations all all pass-through mocks
       expect(keyService.getUserKey).toHaveBeenCalledWith(anyUserId);
       expect(encryptService.decryptToUtf8).toHaveBeenCalledWith(secret, userKey);
       expect(dataPacker.unpack).toHaveBeenCalledWith(secret);
-      expect(classifierDeclassify).toHaveBeenCalledWith(disclosed, secret);
-      expect(result).toBe(declassified);
+      expect(result).toBe(secret);
     });
   });
 });
diff --git a/libs/common/src/tools/generator/state/user-key-encryptor.ts b/libs/common/src/tools/generator/state/user-key-encryptor.ts
index 8b78f5e229..27724d820d 100644
--- a/libs/common/src/tools/generator/state/user-key-encryptor.ts
+++ b/libs/common/src/tools/generator/state/user-key-encryptor.ts
@@ -6,59 +6,44 @@ import { EncString } from "../../../platform/models/domain/enc-string";
 import { UserId } from "../../../types/guid";
 
 import { DataPacker } from "./data-packer.abstraction";
-import { SecretClassifier } from "./secret-classifier";
 import { UserEncryptor } from "./user-encryptor.abstraction";
 
 /** A classification strategy that protects a type's secrets by encrypting them
  *  with a `UserKey`
  */
-export class UserKeyEncryptor<State extends object, Disclosed, Secret> extends UserEncryptor<
-  State,
-  Disclosed
-> {
+export class UserKeyEncryptor extends UserEncryptor {
   /** Instantiates the encryptor
    *  @param encryptService protects properties of `Secret`.
    *  @param keyService looks up the user key when protecting data.
-   *  @param classifier partitions secrets and disclosed information.
    *  @param dataPacker packs and unpacks data classified as secrets.
    */
   constructor(
     private readonly encryptService: EncryptService,
     private readonly keyService: CryptoService,
-    private readonly classifier: SecretClassifier<State, Disclosed, Secret>,
     private readonly dataPacker: DataPacker,
   ) {
     super();
   }
 
   /** {@link UserEncryptor.encrypt} */
-  async encrypt(
-    value: State,
-    userId: UserId,
-  ): Promise<{ secret: EncString; disclosed: Disclosed }> {
-    this.assertHasValue("value", value);
+  async encrypt<Secret>(secret: Jsonify<Secret>, userId: UserId): Promise<EncString> {
+    this.assertHasValue("secret", secret);
     this.assertHasValue("userId", userId);
 
-    const classified = this.classifier.classify(value);
-    let packed = this.dataPacker.pack(classified.secret);
+    let packed = this.dataPacker.pack(secret);
 
     // encrypt the data and drop the key
     let key = await this.keyService.getUserKey(userId);
-    const secret = await this.encryptService.encrypt(packed, key);
+    const encrypted = await this.encryptService.encrypt(packed, key);
     packed = null;
     key = null;
 
-    return { ...classified, secret };
+    return encrypted;
   }
 
   /** {@link UserEncryptor.decrypt} */
-  async decrypt(
-    secret: EncString,
-    disclosed: Jsonify<Disclosed>,
-    userId: UserId,
-  ): Promise<Jsonify<State>> {
+  async decrypt<Secret>(secret: EncString, userId: UserId): Promise<Jsonify<Secret>> {
     this.assertHasValue("secret", secret);
-    this.assertHasValue("disclosed", disclosed);
     this.assertHasValue("userId", userId);
 
     // decrypt the data and drop the key
@@ -70,9 +55,7 @@ export class UserKeyEncryptor<State extends object, Disclosed, Secret> extends U
     const unpacked = this.dataPacker.unpack<Secret>(decrypted);
     decrypted = null;
 
-    const jsonValue = this.classifier.declassify(disclosed, unpacked);
-
-    return jsonValue;
+    return unpacked;
   }
 
   private assertHasValue(name: string, value: any) {
diff --git a/libs/common/src/tools/generator/username/catchall-generator-strategy.spec.ts b/libs/common/src/tools/generator/username/catchall-generator-strategy.spec.ts
index dafb55feba..339e4b2720 100644
--- a/libs/common/src/tools/generator/username/catchall-generator-strategy.spec.ts
+++ b/libs/common/src/tools/generator/username/catchall-generator-strategy.spec.ts
@@ -1,4 +1,5 @@
 import { mock } from "jest-mock-extended";
+import { of, firstValueFrom } from "rxjs";
 
 import { PolicyType } from "../../../admin-console/enums";
 // FIXME: use index.ts imports once policy abstractions and models
@@ -12,39 +13,26 @@ import { CATCHALL_SETTINGS } from "../key-definitions";
 import { CatchallGeneratorStrategy, UsernameGenerationServiceAbstraction } from ".";
 
 const SomeUser = "some user" as UserId;
+const SomePolicy = mock<Policy>({
+  type: PolicyType.PasswordGenerator,
+  data: {
+    minLength: 10,
+  },
+});
 
 describe("Email subaddress list generation strategy", () => {
-  describe("evaluator()", () => {
-    it("should throw if the policy type is incorrect", () => {
-      const strategy = new CatchallGeneratorStrategy(null, null);
-      const policy = mock<Policy>({
-        type: PolicyType.DisableSend,
-      });
+  describe("toEvaluator()", () => {
+    it.each([[[]], [null], [undefined], [[SomePolicy]], [[SomePolicy, SomePolicy]]])(
+      "should map any input (= %p) to the default policy evaluator",
+      async (policies) => {
+        const strategy = new CatchallGeneratorStrategy(null, null);
 
-      expect(() => strategy.evaluator(policy)).toThrow(new RegExp("Mismatched policy type\\. .+"));
-    });
+        const evaluator$ = of(policies).pipe(strategy.toEvaluator());
+        const evaluator = await firstValueFrom(evaluator$);
 
-    it("should map to the policy evaluator", () => {
-      const strategy = new CatchallGeneratorStrategy(null, null);
-      const policy = mock<Policy>({
-        type: PolicyType.PasswordGenerator,
-        data: {
-          minLength: 10,
-        },
-      });
-
-      const evaluator = strategy.evaluator(policy);
-
-      expect(evaluator).toBeInstanceOf(DefaultPolicyEvaluator);
-      expect(evaluator.policy).toMatchObject({});
-    });
-
-    it("should map `null` to a default policy evaluator", () => {
-      const strategy = new CatchallGeneratorStrategy(null, null);
-      const evaluator = strategy.evaluator(null);
-
-      expect(evaluator).toBeInstanceOf(DefaultPolicyEvaluator);
-    });
+        expect(evaluator).toBeInstanceOf(DefaultPolicyEvaluator);
+      },
+    );
   });
 
   describe("durableState", () => {
diff --git a/libs/common/src/tools/generator/username/catchall-generator-strategy.ts b/libs/common/src/tools/generator/username/catchall-generator-strategy.ts
index aadca78b3b..6b36ebd50b 100644
--- a/libs/common/src/tools/generator/username/catchall-generator-strategy.ts
+++ b/libs/common/src/tools/generator/username/catchall-generator-strategy.ts
@@ -1,5 +1,6 @@
+import { map, pipe } from "rxjs";
+
 import { PolicyType } from "../../../admin-console/enums";
-import { Policy } from "../../../admin-console/models/domain/policy";
 import { StateProvider } from "../../../platform/state";
 import { UserId } from "../../../types/guid";
 import { GeneratorStrategy } from "../abstractions";
@@ -41,18 +42,9 @@ export class CatchallGeneratorStrategy
     return ONE_MINUTE;
   }
 
-  /** {@link GeneratorStrategy.evaluator} */
-  evaluator(policy: Policy) {
-    if (!policy) {
-      return new DefaultPolicyEvaluator<CatchallGenerationOptions>();
-    }
-
-    if (policy.type !== this.policy) {
-      const details = `Expected: ${this.policy}. Received: ${policy.type}`;
-      throw Error("Mismatched policy type. " + details);
-    }
-
-    return new DefaultPolicyEvaluator<CatchallGenerationOptions>();
+  /** {@link GeneratorStrategy.toEvaluator} */
+  toEvaluator() {
+    return pipe(map((_) => new DefaultPolicyEvaluator<CatchallGenerationOptions>()));
   }
 
   /** {@link GeneratorStrategy.generate} */
diff --git a/libs/common/src/tools/generator/username/eff-username-generator-strategy.spec.ts b/libs/common/src/tools/generator/username/eff-username-generator-strategy.spec.ts
index 0fb5bf573c..821b4bb7dc 100644
--- a/libs/common/src/tools/generator/username/eff-username-generator-strategy.spec.ts
+++ b/libs/common/src/tools/generator/username/eff-username-generator-strategy.spec.ts
@@ -1,4 +1,5 @@
 import { mock } from "jest-mock-extended";
+import { of, firstValueFrom } from "rxjs";
 
 import { PolicyType } from "../../../admin-console/enums";
 // FIXME: use index.ts imports once policy abstractions and models
@@ -12,39 +13,26 @@ import { EFF_USERNAME_SETTINGS } from "../key-definitions";
 import { EffUsernameGeneratorStrategy, UsernameGenerationServiceAbstraction } from ".";
 
 const SomeUser = "some user" as UserId;
+const SomePolicy = mock<Policy>({
+  type: PolicyType.PasswordGenerator,
+  data: {
+    minLength: 10,
+  },
+});
 
 describe("EFF long word list generation strategy", () => {
-  describe("evaluator()", () => {
-    it("should throw if the policy type is incorrect", () => {
-      const strategy = new EffUsernameGeneratorStrategy(null, null);
-      const policy = mock<Policy>({
-        type: PolicyType.DisableSend,
-      });
+  describe("toEvaluator()", () => {
+    it.each([[[]], [null], [undefined], [[SomePolicy]], [[SomePolicy, SomePolicy]]])(
+      "should map any input (= %p) to the default policy evaluator",
+      async (policies) => {
+        const strategy = new EffUsernameGeneratorStrategy(null, null);
 
-      expect(() => strategy.evaluator(policy)).toThrow(new RegExp("Mismatched policy type\\. .+"));
-    });
+        const evaluator$ = of(policies).pipe(strategy.toEvaluator());
+        const evaluator = await firstValueFrom(evaluator$);
 
-    it("should map to the policy evaluator", () => {
-      const strategy = new EffUsernameGeneratorStrategy(null, null);
-      const policy = mock<Policy>({
-        type: PolicyType.PasswordGenerator,
-        data: {
-          minLength: 10,
-        },
-      });
-
-      const evaluator = strategy.evaluator(policy);
-
-      expect(evaluator).toBeInstanceOf(DefaultPolicyEvaluator);
-      expect(evaluator.policy).toMatchObject({});
-    });
-
-    it("should map `null` to a default policy evaluator", () => {
-      const strategy = new EffUsernameGeneratorStrategy(null, null);
-      const evaluator = strategy.evaluator(null);
-
-      expect(evaluator).toBeInstanceOf(DefaultPolicyEvaluator);
-    });
+        expect(evaluator).toBeInstanceOf(DefaultPolicyEvaluator);
+      },
+    );
   });
 
   describe("durableState", () => {
diff --git a/libs/common/src/tools/generator/username/eff-username-generator-strategy.ts b/libs/common/src/tools/generator/username/eff-username-generator-strategy.ts
index e0179895ae..133b4e7777 100644
--- a/libs/common/src/tools/generator/username/eff-username-generator-strategy.ts
+++ b/libs/common/src/tools/generator/username/eff-username-generator-strategy.ts
@@ -1,5 +1,6 @@
+import { map, pipe } from "rxjs";
+
 import { PolicyType } from "../../../admin-console/enums";
-import { Policy } from "../../../admin-console/models/domain/policy";
 import { StateProvider } from "../../../platform/state";
 import { UserId } from "../../../types/guid";
 import { GeneratorStrategy } from "../abstractions";
@@ -41,18 +42,9 @@ export class EffUsernameGeneratorStrategy
     return ONE_MINUTE;
   }
 
-  /** {@link GeneratorStrategy.evaluator} */
-  evaluator(policy: Policy) {
-    if (!policy) {
-      return new DefaultPolicyEvaluator<EffUsernameGenerationOptions>();
-    }
-
-    if (policy.type !== this.policy) {
-      const details = `Expected: ${this.policy}. Received: ${policy.type}`;
-      throw Error("Mismatched policy type. " + details);
-    }
-
-    return new DefaultPolicyEvaluator<EffUsernameGenerationOptions>();
+  /** {@link GeneratorStrategy.toEvaluator} */
+  toEvaluator() {
+    return pipe(map((_) => new DefaultPolicyEvaluator<EffUsernameGenerationOptions>()));
   }
 
   /** {@link GeneratorStrategy.generate} */
diff --git a/libs/common/src/tools/generator/username/forwarder-generator-strategy.spec.ts b/libs/common/src/tools/generator/username/forwarder-generator-strategy.spec.ts
index 96a7bca2b1..30dd620484 100644
--- a/libs/common/src/tools/generator/username/forwarder-generator-strategy.spec.ts
+++ b/libs/common/src/tools/generator/username/forwarder-generator-strategy.spec.ts
@@ -1,6 +1,11 @@
 import { mock } from "jest-mock-extended";
+import { of, firstValueFrom } from "rxjs";
 
 import { FakeStateProvider, mockAccountServiceWith } from "../../../../spec";
+import { PolicyType } from "../../../admin-console/enums";
+// FIXME: use index.ts imports once policy abstractions and models
+// implement ADR-0002
+import { Policy } from "../../../admin-console/models/domain/policy";
 import { CryptoService } from "../../../platform/abstractions/crypto.service";
 import { EncryptService } from "../../../platform/abstractions/encrypt.service";
 import { StateProvider } from "../../../platform/state";
@@ -29,6 +34,12 @@ class TestForwarder extends ForwarderGeneratorStrategy<ApiOptions> {
 
 const SomeUser = "some user" as UserId;
 const AnotherUser = "another user" as UserId;
+const SomePolicy = mock<Policy>({
+  type: PolicyType.PasswordGenerator,
+  data: {
+    minLength: 10,
+  },
+});
 
 describe("ForwarderGeneratorStrategy", () => {
   const encryptService = mock<EncryptService>();
@@ -63,11 +74,17 @@ describe("ForwarderGeneratorStrategy", () => {
     });
   });
 
-  it("evaluator returns the default policy evaluator", () => {
-    const strategy = new TestForwarder(null, null, null);
+  describe("toEvaluator()", () => {
+    it.each([[[]], [null], [undefined], [[SomePolicy]], [[SomePolicy, SomePolicy]]])(
+      "should map any input (= %p) to the default policy evaluator",
+      async (policies) => {
+        const strategy = new TestForwarder(encryptService, keyService, stateProvider);
 
-    const result = strategy.evaluator(null);
+        const evaluator$ = of(policies).pipe(strategy.toEvaluator());
+        const evaluator = await firstValueFrom(evaluator$);
 
-    expect(result).toBeInstanceOf(DefaultPolicyEvaluator);
+        expect(evaluator).toBeInstanceOf(DefaultPolicyEvaluator);
+      },
+    );
   });
 });
diff --git a/libs/common/src/tools/generator/username/forwarder-generator-strategy.ts b/libs/common/src/tools/generator/username/forwarder-generator-strategy.ts
index 554bbfca62..8b78f22634 100644
--- a/libs/common/src/tools/generator/username/forwarder-generator-strategy.ts
+++ b/libs/common/src/tools/generator/username/forwarder-generator-strategy.ts
@@ -1,14 +1,16 @@
+import { map, pipe } from "rxjs";
+
 import { PolicyType } from "../../../admin-console/enums";
-import { Policy } from "../../../admin-console/models/domain/policy";
 import { CryptoService } from "../../../platform/abstractions/crypto.service";
 import { EncryptService } from "../../../platform/abstractions/encrypt.service";
-import { KeyDefinition, StateProvider } from "../../../platform/state";
+import { KeyDefinition, SingleUserState, StateProvider } from "../../../platform/state";
 import { UserId } from "../../../types/guid";
 import { GeneratorStrategy } from "../abstractions";
 import { DefaultPolicyEvaluator } from "../default-policy-evaluator";
 import { NoPolicy } from "../no-policy";
 import { PaddedDataPacker } from "../state/padded-data-packer";
 import { SecretClassifier } from "../state/secret-classifier";
+import { SecretKeyDefinition } from "../state/secret-key-definition";
 import { SecretState } from "../state/secret-state";
 import { UserKeyEncryptor } from "../state/user-key-encryptor";
 
@@ -39,7 +41,7 @@ export abstract class ForwarderGeneratorStrategy<
     this.cache_ms = ONE_MINUTE;
   }
 
-  private durableStates = new Map<UserId, SecretState<Options, Record<string, never>>>();
+  private durableStates = new Map<UserId, SingleUserState<Options>>();
 
   /** {@link GeneratorStrategy.durableState} */
   durableState = (userId: UserId) => {
@@ -47,7 +49,24 @@ export abstract class ForwarderGeneratorStrategy<
 
     if (!state) {
       const encryptor = this.createEncryptor();
-      state = SecretState.from(userId, this.key, this.stateProvider, encryptor);
+      // always exclude request properties
+      const classifier = SecretClassifier.allSecret<Options>().exclude("website");
+
+      // Derive the secret key definition
+      const key = SecretKeyDefinition.value(this.key.stateDefinition, this.key.key, classifier, {
+        deserializer: (d) => this.key.deserializer(d),
+        cleanupDelayMs: this.key.cleanupDelayMs,
+      });
+
+      // the type parameter is explicit because type inference fails for `Omit<Options, "website">`
+      state = SecretState.from<
+        Options,
+        void,
+        Options,
+        Record<keyof Options, never>,
+        Omit<Options, "website">
+      >(userId, key, this.stateProvider, encryptor);
+
       this.durableStates.set(userId, state);
     }
 
@@ -55,19 +74,16 @@ export abstract class ForwarderGeneratorStrategy<
   };
 
   private createEncryptor() {
-    // always exclude request properties
-    const classifier = SecretClassifier.allSecret<Options>().exclude("website");
-
     // construct the encryptor
     const packer = new PaddedDataPacker(OPTIONS_FRAME_SIZE);
-    return new UserKeyEncryptor(this.encryptService, this.keyService, classifier, packer);
+    return new UserKeyEncryptor(this.encryptService, this.keyService, packer);
   }
 
   /** Determine where forwarder configuration is stored  */
   protected abstract readonly key: KeyDefinition<Options>;
 
-  /** {@link GeneratorStrategy.evaluator} */
-  evaluator = (_policy: Policy) => {
-    return new DefaultPolicyEvaluator<Options>();
+  /** {@link GeneratorStrategy.toEvaluator} */
+  toEvaluator = () => {
+    return pipe(map((_) => new DefaultPolicyEvaluator<Options>()));
   };
 }
diff --git a/libs/common/src/tools/generator/username/subaddress-generator-strategy.spec.ts b/libs/common/src/tools/generator/username/subaddress-generator-strategy.spec.ts
index 105edd6b4d..59a2b56172 100644
--- a/libs/common/src/tools/generator/username/subaddress-generator-strategy.spec.ts
+++ b/libs/common/src/tools/generator/username/subaddress-generator-strategy.spec.ts
@@ -1,4 +1,5 @@
 import { mock } from "jest-mock-extended";
+import { of, firstValueFrom } from "rxjs";
 
 import { PolicyType } from "../../../admin-console/enums";
 // FIXME: use index.ts imports once policy abstractions and models
@@ -12,39 +13,26 @@ import { SUBADDRESS_SETTINGS } from "../key-definitions";
 import { SubaddressGeneratorStrategy, UsernameGenerationServiceAbstraction } from ".";
 
 const SomeUser = "some user" as UserId;
+const SomePolicy = mock<Policy>({
+  type: PolicyType.PasswordGenerator,
+  data: {
+    minLength: 10,
+  },
+});
 
 describe("Email subaddress list generation strategy", () => {
-  describe("evaluator()", () => {
-    it("should throw if the policy type is incorrect", () => {
-      const strategy = new SubaddressGeneratorStrategy(null, null);
-      const policy = mock<Policy>({
-        type: PolicyType.DisableSend,
-      });
+  describe("toEvaluator()", () => {
+    it.each([[[]], [null], [undefined], [[SomePolicy]], [[SomePolicy, SomePolicy]]])(
+      "should map any input (= %p) to the default policy evaluator",
+      async (policies) => {
+        const strategy = new SubaddressGeneratorStrategy(null, null);
 
-      expect(() => strategy.evaluator(policy)).toThrow(new RegExp("Mismatched policy type\\. .+"));
-    });
+        const evaluator$ = of(policies).pipe(strategy.toEvaluator());
+        const evaluator = await firstValueFrom(evaluator$);
 
-    it("should map to the policy evaluator", () => {
-      const strategy = new SubaddressGeneratorStrategy(null, null);
-      const policy = mock<Policy>({
-        type: PolicyType.PasswordGenerator,
-        data: {
-          minLength: 10,
-        },
-      });
-
-      const evaluator = strategy.evaluator(policy);
-
-      expect(evaluator).toBeInstanceOf(DefaultPolicyEvaluator);
-      expect(evaluator.policy).toMatchObject({});
-    });
-
-    it("should map `null` to a default policy evaluator", () => {
-      const strategy = new SubaddressGeneratorStrategy(null, null);
-      const evaluator = strategy.evaluator(null);
-
-      expect(evaluator).toBeInstanceOf(DefaultPolicyEvaluator);
-    });
+        expect(evaluator).toBeInstanceOf(DefaultPolicyEvaluator);
+      },
+    );
   });
 
   describe("durableState", () => {
diff --git a/libs/common/src/tools/generator/username/subaddress-generator-strategy.ts b/libs/common/src/tools/generator/username/subaddress-generator-strategy.ts
index 1aba473476..1ae0cb9142 100644
--- a/libs/common/src/tools/generator/username/subaddress-generator-strategy.ts
+++ b/libs/common/src/tools/generator/username/subaddress-generator-strategy.ts
@@ -1,5 +1,6 @@
+import { map, pipe } from "rxjs";
+
 import { PolicyType } from "../../../admin-console/enums";
-import { Policy } from "../../../admin-console/models/domain/policy";
 import { StateProvider } from "../../../platform/state";
 import { UserId } from "../../../types/guid";
 import { GeneratorStrategy } from "../abstractions";
@@ -41,18 +42,9 @@ export class SubaddressGeneratorStrategy
     return ONE_MINUTE;
   }
 
-  /** {@link GeneratorStrategy.evaluator} */
-  evaluator(policy: Policy) {
-    if (!policy) {
-      return new DefaultPolicyEvaluator<SubaddressGenerationOptions>();
-    }
-
-    if (policy.type !== this.policy) {
-      const details = `Expected: ${this.policy}. Received: ${policy.type}`;
-      throw Error("Mismatched policy type. " + details);
-    }
-
-    return new DefaultPolicyEvaluator<SubaddressGenerationOptions>();
+  /** {@link GeneratorStrategy.toEvaluator} */
+  toEvaluator() {
+    return pipe(map((_) => new DefaultPolicyEvaluator<SubaddressGenerationOptions>()));
   }
 
   /** {@link GeneratorStrategy.generate} */
diff --git a/libs/common/src/vault/abstractions/cipher.service.ts b/libs/common/src/vault/abstractions/cipher.service.ts
index 39c2f760a9..94be3bb174 100644
--- a/libs/common/src/vault/abstractions/cipher.service.ts
+++ b/libs/common/src/vault/abstractions/cipher.service.ts
@@ -1,5 +1,6 @@
 import { UriMatchStrategySetting } from "../../models/domain/domain-service";
 import { SymmetricCryptoKey } from "../../platform/models/domain/symmetric-crypto-key";
+import { CipherId, CollectionId, OrganizationId } from "../../types/guid";
 import { CipherType } from "../enums/cipher-type";
 import { CipherData } from "../models/data/cipher.data";
 import { Cipher } from "../models/domain/cipher";
@@ -64,6 +65,19 @@ export abstract class CipherService {
     admin?: boolean,
   ) => Promise<Cipher>;
   saveCollectionsWithServer: (cipher: Cipher) => Promise<any>;
+  /**
+   * Bulk update collections for many ciphers with the server
+   * @param orgId
+   * @param cipherIds
+   * @param collectionIds
+   * @param removeCollections - If true, the collections will be removed from the ciphers, otherwise they will be added
+   */
+  bulkUpdateCollectionsWithServer: (
+    orgId: OrganizationId,
+    cipherIds: CipherId[],
+    collectionIds: CollectionId[],
+    removeCollections: boolean,
+  ) => Promise<void>;
   upsert: (cipher: CipherData | CipherData[]) => Promise<any>;
   replace: (ciphers: { [id: string]: CipherData }) => Promise<any>;
   clear: (userId: string) => Promise<any>;
diff --git a/libs/common/src/vault/abstractions/collection.service.ts b/libs/common/src/vault/abstractions/collection.service.ts
index ab60615329..87ce8edf43 100644
--- a/libs/common/src/vault/abstractions/collection.service.ts
+++ b/libs/common/src/vault/abstractions/collection.service.ts
@@ -7,6 +7,8 @@ import { TreeNode } from "../models/domain/tree-node";
 import { CollectionView } from "../models/view/collection.view";
 
 export abstract class CollectionService {
+  decryptedCollections$: Observable<CollectionView[]>;
+
   clearActiveUserCache: () => Promise<void>;
   encrypt: (model: CollectionView) => Promise<Collection>;
   decryptedCollectionViews$: (ids: CollectionId[]) => Observable<CollectionView[]>;
diff --git a/libs/common/src/vault/models/domain/collection.spec.ts b/libs/common/src/vault/models/domain/collection.spec.ts
index 848633e501..cd1cab8b42 100644
--- a/libs/common/src/vault/models/domain/collection.spec.ts
+++ b/libs/common/src/vault/models/domain/collection.spec.ts
@@ -68,6 +68,7 @@ describe("Collection", () => {
       organizationId: "orgId",
       readOnly: false,
       manage: true,
+      assigned: true,
     });
   });
 });
diff --git a/libs/common/src/vault/models/request/cipher-bulk-update-collections.request.ts b/libs/common/src/vault/models/request/cipher-bulk-update-collections.request.ts
new file mode 100644
index 0000000000..1b1a77a48d
--- /dev/null
+++ b/libs/common/src/vault/models/request/cipher-bulk-update-collections.request.ts
@@ -0,0 +1,19 @@
+import { CipherId, CollectionId, OrganizationId } from "../../../types/guid";
+
+export class CipherBulkUpdateCollectionsRequest {
+  organizationId: OrganizationId;
+  cipherIds: CipherId[];
+  collectionIds: CollectionId[];
+  removeCollections: boolean;
+  constructor(
+    organizationId: OrganizationId,
+    cipherIds: CipherId[],
+    collectionIds: CollectionId[],
+    removeCollections: boolean = false,
+  ) {
+    this.organizationId = organizationId;
+    this.cipherIds = cipherIds;
+    this.collectionIds = collectionIds;
+    this.removeCollections = removeCollections;
+  }
+}
diff --git a/libs/common/src/vault/models/view/collection.view.ts b/libs/common/src/vault/models/view/collection.view.ts
index 1177d23220..74d369380b 100644
--- a/libs/common/src/vault/models/view/collection.view.ts
+++ b/libs/common/src/vault/models/view/collection.view.ts
@@ -17,6 +17,7 @@ export class CollectionView implements View, ITreeNodeObject {
   readOnly: boolean = null;
   hidePasswords: boolean = null;
   manage: boolean = null;
+  assigned: boolean = null;
 
   constructor(c?: Collection | CollectionAccessDetailsResponse) {
     if (!c) {
@@ -30,7 +31,29 @@ export class CollectionView implements View, ITreeNodeObject {
       this.readOnly = c.readOnly;
       this.hidePasswords = c.hidePasswords;
       this.manage = c.manage;
+      this.assigned = true;
     }
+    if (c instanceof CollectionAccessDetailsResponse) {
+      this.assigned = c.assigned;
+    }
+  }
+
+  canEditItems(org: Organization, v1FlexibleCollections: boolean): boolean {
+    if (org != null && org.id !== this.organizationId) {
+      throw new Error(
+        "Id of the organization provided does not match the org id of the collection.",
+      );
+    }
+
+    if (org?.flexibleCollections) {
+      return (
+        org?.canEditAllCiphers(v1FlexibleCollections) ||
+        this.manage ||
+        (this.assigned && !this.readOnly)
+      );
+    }
+
+    return org?.canEditAnyCollection || (org?.canEditAssignedCollections && this.assigned);
   }
 
   // For editing collection details, not the items within it.
diff --git a/libs/common/src/vault/services/cipher.service.spec.ts b/libs/common/src/vault/services/cipher.service.spec.ts
index 4b071ee2a4..28c4bfc653 100644
--- a/libs/common/src/vault/services/cipher.service.spec.ts
+++ b/libs/common/src/vault/services/cipher.service.spec.ts
@@ -9,7 +9,7 @@ import { SearchService } from "../../abstractions/search.service";
 import { AutofillSettingsService } from "../../autofill/services/autofill-settings.service";
 import { DomainSettingsService } from "../../autofill/services/domain-settings.service";
 import { UriMatchStrategy } from "../../models/domain/domain-service";
-import { ConfigServiceAbstraction } from "../../platform/abstractions/config/config.service.abstraction";
+import { ConfigService } from "../../platform/abstractions/config/config.service";
 import { CryptoService } from "../../platform/abstractions/crypto.service";
 import { EncryptService } from "../../platform/abstractions/encrypt.service";
 import { I18nService } from "../../platform/abstractions/i18n.service";
@@ -114,7 +114,7 @@ describe("Cipher Service", () => {
   const i18nService = mock<I18nService>();
   const searchService = mock<SearchService>();
   const encryptService = mock<EncryptService>();
-  const configService = mock<ConfigServiceAbstraction>();
+  const configService = mock<ConfigService>();
   accountService = mockAccountServiceWith(mockUserId);
   const stateProvider = new FakeStateProvider(accountService);
 
diff --git a/libs/common/src/vault/services/cipher.service.ts b/libs/common/src/vault/services/cipher.service.ts
index 6b6a12dc69..a7c80978e0 100644
--- a/libs/common/src/vault/services/cipher.service.ts
+++ b/libs/common/src/vault/services/cipher.service.ts
@@ -10,7 +10,7 @@ import { UriMatchStrategySetting } from "../../models/domain/domain-service";
 import { ErrorResponse } from "../../models/response/error.response";
 import { ListResponse } from "../../models/response/list.response";
 import { View } from "../../models/view/view";
-import { ConfigServiceAbstraction } from "../../platform/abstractions/config/config.service.abstraction";
+import { ConfigService } from "../../platform/abstractions/config/config.service";
 import { CryptoService } from "../../platform/abstractions/crypto.service";
 import { EncryptService } from "../../platform/abstractions/encrypt.service";
 import { I18nService } from "../../platform/abstractions/i18n.service";
@@ -29,7 +29,7 @@ import {
   StateProvider,
   DerivedState,
 } from "../../platform/state";
-import { CipherId } from "../../types/guid";
+import { CipherId, CollectionId, OrganizationId } from "../../types/guid";
 import { UserKey, OrgKey } from "../../types/key";
 import { CipherService as CipherServiceAbstraction } from "../abstractions/cipher.service";
 import { CipherFileUploadService } from "../abstractions/file-upload/cipher-file-upload.service";
@@ -52,6 +52,7 @@ import { CipherBulkDeleteRequest } from "../models/request/cipher-bulk-delete.re
 import { CipherBulkMoveRequest } from "../models/request/cipher-bulk-move.request";
 import { CipherBulkRestoreRequest } from "../models/request/cipher-bulk-restore.request";
 import { CipherBulkShareRequest } from "../models/request/cipher-bulk-share.request";
+import { CipherBulkUpdateCollectionsRequest } from "../models/request/cipher-bulk-update-collections.request";
 import { CipherCollectionsRequest } from "../models/request/cipher-collections.request";
 import { CipherCreateRequest } from "../models/request/cipher-create.request";
 import { CipherPartialRequest } from "../models/request/cipher-partial.request";
@@ -103,7 +104,7 @@ export class CipherService implements CipherServiceAbstraction {
     private autofillSettingsService: AutofillSettingsServiceAbstraction,
     private encryptService: EncryptService,
     private cipherFileUploadService: CipherFileUploadService,
-    private configService: ConfigServiceAbstraction,
+    private configService: ConfigService,
     private stateProvider: StateProvider,
   ) {
     this.localDataState = this.stateProvider.getActive(CIPHERS_DISK_KEY);
@@ -127,6 +128,13 @@ export class CipherService implements CipherServiceAbstraction {
   }
 
   async setDecryptedCipherCache(value: CipherView[]) {
+    // Sometimes we might prematurely decrypt the vault and that will result in no ciphers
+    // if we cache it then we may accidentially return it when it's not right, we'd rather try decryption again.
+    // We still want to set null though, that is the indicator that the cache isn't valid and we should do decryption.
+    //TODO Review this before merge
+    //if (value == null || value.length !== 0) {
+    //  await this.stateService.setDecryptedCiphers(value);
+    //}
     if (this.searchService != null) {
       if (value == null) {
         this.searchService.clearIndex();
@@ -741,6 +749,49 @@ export class CipherService implements CipherServiceAbstraction {
     await this.upsert(data);
   }
 
+  /**
+   * Bulk update collections for many ciphers with the server
+   * @param orgId
+   * @param cipherIds
+   * @param collectionIds
+   * @param removeCollections - If true, the collectionIds will be removed from the ciphers, otherwise they will be added
+   */
+  async bulkUpdateCollectionsWithServer(
+    orgId: OrganizationId,
+    cipherIds: CipherId[],
+    collectionIds: CollectionId[],
+    removeCollections: boolean = false,
+  ): Promise<void> {
+    const request = new CipherBulkUpdateCollectionsRequest(
+      orgId,
+      cipherIds,
+      collectionIds,
+      removeCollections,
+    );
+
+    await this.apiService.send("POST", "/ciphers/bulk-collections", request, true, false);
+
+    // Update the local state
+    const ciphers = await this.stateService.getEncryptedCiphers();
+
+    for (const id of cipherIds) {
+      const cipher = ciphers[id];
+      if (cipher) {
+        if (removeCollections) {
+          cipher.collectionIds = cipher.collectionIds?.filter(
+            (cid) => !collectionIds.includes(cid as CollectionId),
+          );
+        } else {
+          // Append to the collectionIds if it's not already there
+          cipher.collectionIds = [...new Set([...(cipher.collectionIds ?? []), ...collectionIds])];
+        }
+      }
+    }
+
+    await this.clearCache();
+    await this.stateService.setEncryptedCiphers(ciphers);
+  }
+
   async upsert(cipher: CipherData | CipherData[]): Promise<any> {
     let ciphers = await firstValueFrom(this.ciphers$);
     if (ciphers == null) {
@@ -1448,7 +1499,6 @@ export class CipherService implements CipherServiceAbstraction {
         cipher.attachments = attachments;
       }),
     ]);
-
     return cipher;
   }
 
diff --git a/libs/common/src/vault/services/fido2/fido2-client.service.spec.ts b/libs/common/src/vault/services/fido2/fido2-client.service.spec.ts
index 2f76c5043a..9757e24d8f 100644
--- a/libs/common/src/vault/services/fido2/fido2-client.service.spec.ts
+++ b/libs/common/src/vault/services/fido2/fido2-client.service.spec.ts
@@ -4,7 +4,7 @@ import { of } from "rxjs";
 import { AuthService } from "../../../auth/abstractions/auth.service";
 import { AuthenticationStatus } from "../../../auth/enums/authentication-status";
 import { DomainSettingsService } from "../../../autofill/services/domain-settings.service";
-import { ConfigServiceAbstraction } from "../../../platform/abstractions/config/config.service.abstraction";
+import { ConfigService } from "../../../platform/abstractions/config/config.service";
 import { Utils } from "../../../platform/misc/utils";
 import {
   Fido2AuthenticatorError,
@@ -30,7 +30,7 @@ const VaultUrl = "https://vault.bitwarden.com";
 
 describe("FidoAuthenticatorService", () => {
   let authenticator!: MockProxy<Fido2AuthenticatorService>;
-  let configService!: MockProxy<ConfigServiceAbstraction>;
+  let configService!: MockProxy<ConfigService>;
   let authService!: MockProxy<AuthService>;
   let vaultSettingsService: MockProxy<VaultSettingsService>;
   let domainSettingsService: MockProxy<DomainSettingsService>;
@@ -39,7 +39,7 @@ describe("FidoAuthenticatorService", () => {
 
   beforeEach(async () => {
     authenticator = mock<Fido2AuthenticatorService>();
-    configService = mock<ConfigServiceAbstraction>();
+    configService = mock<ConfigService>();
     authService = mock<AuthService>();
     vaultSettingsService = mock<VaultSettingsService>();
     domainSettingsService = mock<DomainSettingsService>();
diff --git a/libs/common/src/vault/services/fido2/fido2-client.service.ts b/libs/common/src/vault/services/fido2/fido2-client.service.ts
index c725b22637..bfc8cbe915 100644
--- a/libs/common/src/vault/services/fido2/fido2-client.service.ts
+++ b/libs/common/src/vault/services/fido2/fido2-client.service.ts
@@ -4,7 +4,7 @@ import { parse } from "tldts";
 import { AuthService } from "../../../auth/abstractions/auth.service";
 import { AuthenticationStatus } from "../../../auth/enums/authentication-status";
 import { DomainSettingsService } from "../../../autofill/services/domain-settings.service";
-import { ConfigServiceAbstraction } from "../../../platform/abstractions/config/config.service.abstraction";
+import { ConfigService } from "../../../platform/abstractions/config/config.service";
 import { LogService } from "../../../platform/abstractions/log.service";
 import { Utils } from "../../../platform/misc/utils";
 import {
@@ -40,7 +40,7 @@ import { Fido2Utils } from "./fido2-utils";
 export class Fido2ClientService implements Fido2ClientServiceAbstraction {
   constructor(
     private authenticator: Fido2AuthenticatorService,
-    private configService: ConfigServiceAbstraction,
+    private configService: ConfigService,
     private authService: AuthService,
     private vaultSettingsService: VaultSettingsService,
     private domainSettingsService: DomainSettingsService,
diff --git a/libs/common/src/vault/services/sync/sync.service.ts b/libs/common/src/vault/services/sync/sync.service.ts
index 1b3e63d001..3e8bd92a7a 100644
--- a/libs/common/src/vault/services/sync/sync.service.ts
+++ b/libs/common/src/vault/services/sync/sync.service.ts
@@ -1,3 +1,7 @@
+import { firstValueFrom } from "rxjs";
+
+import { UserDecryptionOptionsServiceAbstraction } from "@bitwarden/auth/common";
+
 import { ApiService } from "../../../abstractions/api.service";
 import { InternalOrganizationServiceAbstraction } from "../../../admin-console/abstractions/organization/organization.service.abstraction";
 import { InternalPolicyService } from "../../../admin-console/abstractions/policy/policy.service.abstraction";
@@ -24,11 +28,11 @@ import { LogService } from "../../../platform/abstractions/log.service";
 import { MessagingService } from "../../../platform/abstractions/messaging.service";
 import { StateService } from "../../../platform/abstractions/state.service";
 import { sequentialize } from "../../../platform/misc/sequentialize";
-import { AccountDecryptionOptions } from "../../../platform/models/domain/account";
 import { SendData } from "../../../tools/send/models/data/send.data";
 import { SendResponse } from "../../../tools/send/models/response/send.response";
 import { SendApiService } from "../../../tools/send/services/send-api.service.abstraction";
 import { InternalSendService } from "../../../tools/send/services/send.service.abstraction";
+import { UserId } from "../../../types/guid";
 import { CipherService } from "../../../vault/abstractions/cipher.service";
 import { FolderApiServiceAbstraction } from "../../../vault/abstractions/folder/folder-api.service.abstraction";
 import { InternalFolderService } from "../../../vault/abstractions/folder/folder.service.abstraction";
@@ -61,6 +65,7 @@ export class SyncService implements SyncServiceAbstraction {
     private folderApiService: FolderApiServiceAbstraction,
     private organizationService: InternalOrganizationServiceAbstraction,
     private sendApiService: SendApiService,
+    private userDecryptionOptionsService: UserDecryptionOptionsServiceAbstraction,
     private avatarService: AvatarService,
     private logoutCallback: (expired: boolean) => Promise<void>,
     private billingAccountProfileStateService: BillingAccountProfileStateService,
@@ -313,7 +318,7 @@ export class SyncService implements SyncServiceAbstraction {
     await this.cryptoService.setPrivateKey(response.privateKey);
     await this.cryptoService.setProviderKeys(response.providers);
     await this.cryptoService.setOrgKeys(response.organizations, response.providerOrganizations);
-    await this.avatarService.setAvatarColor(response.avatarColor);
+    await this.avatarService.setSyncAvatarColor(response.id as UserId, response.avatarColor);
     await this.stateService.setSecurityStamp(response.securityStamp);
     await this.stateService.setEmailVerified(response.emailVerified);
 
@@ -352,19 +357,12 @@ export class SyncService implements SyncServiceAbstraction {
       );
     }
 
-    const acctDecryptionOpts: AccountDecryptionOptions =
-      await this.stateService.getAccountDecryptionOptions();
+    const userDecryptionOptions = await firstValueFrom(
+      this.userDecryptionOptionsService.userDecryptionOptions$,
+    );
 
-    // Account decryption options should never be null or undefined b/c it is always initialized
-    // during the processing of the ID token response, but there might be a state issue
-    // where it is being overwritten with undefined affecting browser extension + FireFox users.
-    // TODO: Consider removing this once we figure out the root cause of the state issue or after the state provider refactor.
-    if (acctDecryptionOpts === null || acctDecryptionOpts === undefined) {
+    if (userDecryptionOptions === null || userDecryptionOptions === undefined) {
       this.logService.error("Sync: Account decryption options are null or undefined.");
-      // Early return as a bandaid to allow the rest of the sync to continue so users can access
-      // their data that they might have added from another device.
-      // Otherwise, trying to access properties on undefined below will throw an error.
-      return;
     }
 
     // Even though TDE users should only be in a single org (per single org policy), check
@@ -383,8 +381,8 @@ export class SyncService implements SyncServiceAbstraction {
     }
 
     if (
-      acctDecryptionOpts.trustedDeviceOption !== undefined &&
-      !acctDecryptionOpts.hasMasterPassword &&
+      userDecryptionOptions.trustedDeviceOption !== undefined &&
+      !userDecryptionOptions.hasMasterPassword &&
       hasManageResetPasswordPermission
     ) {
       // TDE user w/out MP went from having no password reset permission to having it.
diff --git a/libs/common/test.setup.ts b/libs/common/test.setup.ts
index c50c7ca227..d857751b51 100644
--- a/libs/common/test.setup.ts
+++ b/libs/common/test.setup.ts
@@ -1,6 +1,7 @@
 import { webcrypto } from "crypto";
 
 import { toEqualBuffer } from "./spec";
+import { toAlmostEqual } from "./spec/matchers/to-almost-equal";
 
 Object.defineProperty(window, "crypto", {
   value: webcrypto,
@@ -10,8 +11,15 @@ Object.defineProperty(window, "crypto", {
 
 expect.extend({
   toEqualBuffer: toEqualBuffer,
+  toAlmostEqual: toAlmostEqual,
 });
 
 export interface CustomMatchers<R = unknown> {
   toEqualBuffer(expected: Uint8Array | ArrayBuffer): R;
+  /**
+   * Matches the expected date within an optional ms precision
+   * @param expected The expected date
+   * @param msPrecision The optional precision in milliseconds
+   */
+  toAlmostEqual(expected: Date, msPrecision?: number): R;
 }
diff --git a/libs/components/src/icon/icon.stories.ts b/libs/components/src/icon/icon.stories.ts
index 95bf457517..54cdd7928c 100644
--- a/libs/components/src/icon/icon.stories.ts
+++ b/libs/components/src/icon/icon.stories.ts
@@ -1,31 +1,24 @@
 import { Meta, StoryObj } from "@storybook/angular";
 
 import { BitIconComponent } from "./icon.component";
+import * as GenericIcons from "./icons";
 
 export default {
   title: "Component Library/Icon",
   component: BitIconComponent,
-  args: {
-    icon: "reportExposedPasswords",
-  },
 } as Meta;
 
 type Story = StoryObj<BitIconComponent>;
 
-export const ReportExposedPasswords: Story = {
-  render: (args) => ({
-    props: args,
-    template: `
-    <div class="tw-bg-primary-500 tw-p-5">
-      <bit-icon [icon]="icon" class="tw-text-primary-300"></bit-icon>
-    </div>
-    `,
-  }),
-};
-
-export const UnknownIcon: Story = {
-  ...ReportExposedPasswords,
+export const Default: Story = {
   args: {
-    icon: "unknown" as any,
+    icon: GenericIcons.NoAccess,
+  },
+  argTypes: {
+    icon: {
+      options: Object.keys(GenericIcons),
+      mapping: GenericIcons,
+      control: { type: "select" },
+    },
   },
 };
diff --git a/libs/components/src/stories/kitchen-sink/components/kitchen-sink-form.component.ts b/libs/components/src/stories/kitchen-sink/components/kitchen-sink-form.component.ts
new file mode 100644
index 0000000000..fa3a915f22
--- /dev/null
+++ b/libs/components/src/stories/kitchen-sink/components/kitchen-sink-form.component.ts
@@ -0,0 +1,176 @@
+import { Component } from "@angular/core";
+import { FormBuilder, Validators } from "@angular/forms";
+
+import { I18nService } from "@bitwarden/common/platform/abstractions/i18n.service";
+
+import { DialogService } from "../../../dialog";
+import { I18nMockService } from "../../../utils/i18n-mock.service";
+import { KitchenSinkSharedModule } from "../kitchen-sink-shared.module";
+
+@Component({
+  standalone: true,
+  selector: "bit-kitchen-sink-form",
+  imports: [KitchenSinkSharedModule],
+  providers: [
+    DialogService,
+    {
+      provide: I18nService,
+      useFactory: () => {
+        return new I18nMockService({
+          close: "Close",
+          checkboxRequired: "Option is required",
+          fieldsNeedAttention: "__$1__ field(s) above need your attention.",
+          inputEmail: "Input is not an email-address.",
+          inputMaxValue: (max) => `Input value must not exceed ${max}.`,
+          inputMinValue: (min) => `Input value must be at least ${min}.`,
+          inputRequired: "Input is required.",
+          multiSelectClearAll: "Clear all",
+          multiSelectLoading: "Retrieving options...",
+          multiSelectNotFound: "No items found",
+          multiSelectPlaceholder: "-- Type to Filter --",
+          required: "required",
+          selectPlaceholder: "-- Select --",
+          toggleVisibility: "Toggle visibility",
+        });
+      },
+    },
+  ],
+  template: `
+    <form [formGroup]="formObj" [bitSubmit]="submit">
+      <div class="tw-mb-6">
+        <bit-progress [barWidth]="50"></bit-progress>
+      </div>
+
+      <bit-form-field>
+        <bit-label>Your favorite feature</bit-label>
+        <input bitInput formControlName="favFeature" />
+      </bit-form-field>
+
+      <bit-form-field>
+        <bit-label>Your favorite color</bit-label>
+        <bit-select formControlName="favColor">
+          <bit-option
+            *ngFor="let color of colors"
+            [value]="color.value"
+            [label]="color.name"
+          ></bit-option>
+        </bit-select>
+      </bit-form-field>
+
+      <bit-form-field>
+        <bit-label>Your top 3 worst passwords</bit-label>
+        <bit-multi-select formControlName="topWorstPasswords" [baseItems]="worstPasswords">
+        </bit-multi-select>
+      </bit-form-field>
+
+      <bit-form-field>
+        <bit-label>How many passwords do you have?</bit-label>
+        <input bitInput type="number" formControlName="numPasswords" min="0" max="150" />
+      </bit-form-field>
+
+      <bit-form-field>
+        <bit-label>
+          A random password
+          <button
+            bitLink
+            linkType="primary"
+            [bitPopoverTriggerFor]="myPopover"
+            #triggerRef="popoverTrigger"
+          >
+            <i class="bwi bwi-question-circle"></i>
+          </button>
+        </bit-label>
+        <input bitInput type="password" formControlName="password" />
+        <button type="button" bitIconButton bitSuffix bitPasswordInputToggle></button>
+      </bit-form-field>
+
+      <div class="tw-mb-6">
+        <span bitTypography="body1" class="tw-text-main">
+          An example of a strong password: &nbsp;
+        </span>
+
+        <bit-color-password
+          class="tw-text-base"
+          [password]="'Wq$Jk😀7j  DX#rS5Sdi!z'"
+          [showCount]="true"
+        ></bit-color-password>
+      </div>
+
+      <bit-form-control>
+        <bit-label>Check if you love security</bit-label>
+        <input type="checkbox" bitCheckbox formControlName="loveSecurity" />
+        <bit-hint>Hint: the correct answer is yes!</bit-hint>
+      </bit-form-control>
+
+      <bit-radio-group formControlName="current">
+        <bit-label>Do you currently use Bitwarden?</bit-label>
+        <bit-radio-button value="yes">
+          <bit-label>Yes</bit-label>
+        </bit-radio-button>
+        <bit-radio-button value="no">
+          <bit-label>No</bit-label>
+        </bit-radio-button>
+      </bit-radio-group>
+
+      <button bitButton bitFormButton buttonType="primary" type="submit">Submit</button>
+      <bit-error-summary [formGroup]="formObj"></bit-error-summary>
+
+      <bit-popover [title]="'Password help'" #myPopover>
+        <div>A strong password has the following:</div>
+        <ul class="tw-mt-2 tw-mb-0 tw-pl-4">
+          <li>Letters</li>
+          <li>Numbers</li>
+          <li>Special characters</li>
+        </ul>
+      </bit-popover>
+    </form>
+  `,
+})
+export class KitchenSinkForm {
+  constructor(
+    public dialogService: DialogService,
+    public formBuilder: FormBuilder,
+  ) {}
+
+  formObj = this.formBuilder.group({
+    favFeature: ["", [Validators.required]],
+    favColor: [undefined as string | undefined, [Validators.required]],
+    topWorstPasswords: [undefined as string | undefined],
+    loveSecurity: [false, [Validators.requiredTrue]],
+    current: ["yes"],
+    numPasswords: [null, [Validators.min(0), Validators.max(150)]],
+    password: ["", [Validators.required]],
+  });
+
+  submit = async () => {
+    await this.dialogService.openSimpleDialog({
+      title: "Confirm",
+      content: "Are you sure you want to submit?",
+      type: "primary",
+      acceptButtonText: "Yes",
+      cancelButtonText: "No",
+      acceptAction: async () => this.acceptDialog(),
+    });
+  };
+
+  acceptDialog() {
+    this.formObj.markAllAsTouched();
+    this.dialogService.closeAll();
+  }
+
+  colors = [
+    { value: "blue", name: "Blue" },
+    { value: "white", name: "White" },
+    { value: "gray", name: "Gray" },
+  ];
+
+  worstPasswords = [
+    { id: "1", listName: "1234", labelName: "1234" },
+    { id: "2", listName: "admin", labelName: "admin" },
+    { id: "3", listName: "password", labelName: "password" },
+    { id: "4", listName: "querty", labelName: "querty" },
+    { id: "5", listName: "letmein", labelName: "letmein" },
+    { id: "6", listName: "trustno1", labelName: "trustno1" },
+    { id: "7", listName: "1qaz2wsx", labelName: "1qaz2wsx" },
+  ];
+}
diff --git a/libs/components/src/stories/kitchen-sink/components/kitchen-sink-main.component.ts b/libs/components/src/stories/kitchen-sink/components/kitchen-sink-main.component.ts
new file mode 100644
index 0000000000..ae4448eb76
--- /dev/null
+++ b/libs/components/src/stories/kitchen-sink/components/kitchen-sink-main.component.ts
@@ -0,0 +1,117 @@
+import { DialogRef } from "@angular/cdk/dialog";
+import { Component } from "@angular/core";
+
+import { DialogService } from "../../../dialog";
+import { KitchenSinkSharedModule } from "../kitchen-sink-shared.module";
+
+import { KitchenSinkForm } from "./kitchen-sink-form.component";
+import { KitchenSinkTable } from "./kitchen-sink-table.component";
+import { KitchenSinkToggleList } from "./kitchen-sink-toggle-list.component";
+
+@Component({
+  standalone: true,
+  imports: [KitchenSinkSharedModule],
+  template: `
+    <bit-dialog title="Dialog Title" dialogSize="large">
+      <span bitDialogContent> Dialog body text goes here. </span>
+      <ng-container bitDialogFooter>
+        <button bitButton buttonType="primary" (click)="dialogRef.close()">OK</button>
+        <button bitButton buttonType="secondary" bitDialogClose>Cancel</button>
+      </ng-container>
+    </bit-dialog>
+  `,
+})
+class KitchenSinkDialog {
+  constructor(public dialogRef: DialogRef) {}
+}
+
+@Component({
+  standalone: true,
+  selector: "bit-tab-main",
+  imports: [
+    KitchenSinkSharedModule,
+    KitchenSinkTable,
+    KitchenSinkToggleList,
+    KitchenSinkForm,
+    KitchenSinkDialog,
+  ],
+  template: `
+    <bit-banner bannerType="info" class="-tw-m-6 tw-flex tw-flex-col tw-pb-6">
+      Kitchen Sink test zone
+    </bit-banner>
+
+    <p class="tw-mt-4">
+      <bit-breadcrumbs>
+        <bit-breadcrumb *ngFor="let item of navItems" [icon]="item.icon" [route]="[item.route]">
+          {{ item.name }}
+        </bit-breadcrumb>
+      </bit-breadcrumbs>
+    </p>
+
+    <bit-callout type="info" title="About the Kitchen Sink">
+      <p bitTypography="body1">
+        The purpose of this story is to compose together all of our components. When snapshot tests
+        run, we'll be able to spot-check visual changes in a more app-like environment than just the
+        isolated stories. The stories for the Kitchen Sink exist to be tested by the Chromatic UI
+        tests.
+      </p>
+
+      <p bitTypography="body1">
+        NOTE: These stories will treat "Light & Dark" mode as "Light" mode. This is done to avoid a
+        bug with the way that we render the same component twice in the same iframe and how that
+        interacts with the <code>router-outlet</code>.
+      </p>
+    </bit-callout>
+
+    <div class="tw-mb-6 tw-mt-6">
+      <h1 bitTypography="h1" class="tw-text-main">
+        Bitwarden <bit-avatar text="Bit Warden"></bit-avatar>
+      </h1>
+      <a bitLink linkType="primary" href="#">Learn more</a>
+    </div>
+
+    <bit-tab-group label="Main content tabs" class="tw-text-main">
+      <bit-tab label="Evaluation">
+        <bit-section>
+          <h2 bitTypography="h2" class="tw-text-main tw-mb-6">About</h2>
+          <bit-kitchen-sink-table></bit-kitchen-sink-table>
+
+          <button bitButton (click)="openDefaultDialog()">Open Dialog</button>
+        </bit-section>
+        <bit-section>
+          <h2 bitTypography="h2" class="tw-text-main tw-mb-6">Companies using Bitwarden</h2>
+          <bit-kitchen-sink-toggle-list></bit-kitchen-sink-toggle-list>
+        </bit-section>
+        <bit-section>
+          <h2 bitTypography="h2" class="tw-text-main tw-mb-6">Survey</h2>
+          <bit-kitchen-sink-form></bit-kitchen-sink-form>
+        </bit-section>
+      </bit-tab>
+
+      <bit-tab label="Empty tab" data-testid="empty-tab">
+        <bit-section>
+          <bit-no-items class="tw-text-main">
+            <ng-container slot="title">This tab is empty</ng-container>
+            <ng-container slot="description">
+              <p bitTypography="body2">Try searching for what you are looking for:</p>
+              <bit-search></bit-search>
+              <p bitTypography="helper">Note that the search bar is not functional</p>
+            </ng-container>
+          </bit-no-items>
+        </bit-section>
+      </bit-tab>
+    </bit-tab-group>
+  `,
+})
+export class KitchenSinkMainComponent {
+  constructor(public dialogService: DialogService) {}
+
+  openDefaultDialog() {
+    this.dialogService.open(KitchenSinkDialog);
+  }
+
+  navItems = [
+    { icon: "bwi-collection", name: "Password Managers", route: "/" },
+    { icon: "bwi-collection", name: "Favorites", route: "/" },
+  ];
+}
diff --git a/libs/components/src/stories/kitchen-sink/components/kitchen-sink-table.component.ts b/libs/components/src/stories/kitchen-sink/components/kitchen-sink-table.component.ts
new file mode 100644
index 0000000000..3c6d6f1144
--- /dev/null
+++ b/libs/components/src/stories/kitchen-sink/components/kitchen-sink-table.component.ts
@@ -0,0 +1,49 @@
+import { Component } from "@angular/core";
+
+import { KitchenSinkSharedModule } from "../kitchen-sink-shared.module";
+
+@Component({
+  standalone: true,
+  selector: "bit-kitchen-sink-table",
+  imports: [KitchenSinkSharedModule],
+  template: `
+    <bit-table>
+      <ng-container header>
+        <tr>
+          <th bitCell>Product</th>
+          <th bitCell>User</th>
+          <th bitCell>Options</th>
+        </tr>
+      </ng-container>
+      <ng-template body>
+        <tr bitRow>
+          <td bitCell>Password Manager</td>
+          <td bitCell>Everyone</td>
+          <td bitCell>
+            <button bitIconButton="bwi-ellipsis-v" [bitMenuTriggerFor]="menu1"></button>
+            <bit-menu #menu1>
+              <a href="#" bitMenuItem>Anchor link</a>
+              <a href="#" bitMenuItem>Another link</a>
+              <bit-menu-divider></bit-menu-divider>
+              <button type="button" bitMenuItem>Button after divider</button>
+            </bit-menu>
+          </td>
+        </tr>
+        <tr bitRow>
+          <td bitCell>Secrets Manager</td>
+          <td bitCell>Developers</td>
+          <td bitCell>
+            <button bitIconButton="bwi-ellipsis-v" [bitMenuTriggerFor]="menu2"></button>
+            <bit-menu #menu2>
+              <a href="#" bitMenuItem>Anchor link</a>
+              <a href="#" bitMenuItem>Another link</a>
+              <bit-menu-divider></bit-menu-divider>
+              <button type="button" bitMenuItem>Button after divider</button>
+            </bit-menu>
+          </td>
+        </tr>
+      </ng-template>
+    </bit-table>
+  `,
+})
+export class KitchenSinkTable {}
diff --git a/libs/components/src/stories/kitchen-sink/components/kitchen-sink-toggle-list.component.ts b/libs/components/src/stories/kitchen-sink/components/kitchen-sink-toggle-list.component.ts
new file mode 100644
index 0000000000..2804c9e835
--- /dev/null
+++ b/libs/components/src/stories/kitchen-sink/components/kitchen-sink-toggle-list.component.ts
@@ -0,0 +1,34 @@
+import { Component } from "@angular/core";
+
+import { KitchenSinkSharedModule } from "../kitchen-sink-shared.module";
+
+@Component({
+  standalone: true,
+  selector: "bit-kitchen-sink-toggle-list",
+  imports: [KitchenSinkSharedModule],
+  template: `
+    <div class="tw-mt-6 tw-mb-6">
+      <bit-toggle-group [(selected)]="selectedToggle" aria-label="Company list filter">
+        <bit-toggle value="all"> All <span bitBadge variant="info">3</span> </bit-toggle>
+
+        <bit-toggle value="large"> Enterprise <span bitBadge variant="info">2</span> </bit-toggle>
+
+        <bit-toggle value="small"> Mid-sized <span bitBadge variant="info">1</span> </bit-toggle>
+      </bit-toggle-group>
+    </div>
+    <ul *ngFor="let company of companyList">
+      <li *ngIf="company.size === selectedToggle || selectedToggle === 'all'">
+        {{ company.name }}
+      </li>
+    </ul>
+  `,
+})
+export class KitchenSinkToggleList {
+  selectedToggle: "all" | "large" | "small" = "all";
+
+  companyList = [
+    { name: "A large enterprise company", size: "large" },
+    { name: "Another enterprise company", size: "large" },
+    { name: "A smaller company", size: "small" },
+  ];
+}
diff --git a/libs/components/src/stories/kitchen-sink/index.ts b/libs/components/src/stories/kitchen-sink/index.ts
new file mode 100644
index 0000000000..1d13b23136
--- /dev/null
+++ b/libs/components/src/stories/kitchen-sink/index.ts
@@ -0,0 +1 @@
+export * from "./kitchen-sink.stories";
diff --git a/libs/components/src/stories/kitchen-sink/kitchen-sink-shared.module.ts b/libs/components/src/stories/kitchen-sink/kitchen-sink-shared.module.ts
new file mode 100644
index 0000000000..56e3a92e2a
--- /dev/null
+++ b/libs/components/src/stories/kitchen-sink/kitchen-sink-shared.module.ts
@@ -0,0 +1,114 @@
+import { CommonModule } from "@angular/common";
+import { NgModule } from "@angular/core";
+import { FormsModule, ReactiveFormsModule } from "@angular/forms";
+import { RouterModule } from "@angular/router";
+
+import { AsyncActionsModule } from "../../async-actions";
+import { AvatarModule } from "../../avatar";
+import { BadgeModule } from "../../badge";
+import { BannerModule } from "../../banner";
+import { BreadcrumbsModule } from "../../breadcrumbs";
+import { ButtonModule } from "../../button";
+import { CalloutModule } from "../../callout";
+import { CheckboxModule } from "../../checkbox";
+import { ColorPasswordModule } from "../../color-password";
+import { DialogModule } from "../../dialog";
+import { FormControlModule } from "../../form-control";
+import { FormFieldModule } from "../../form-field";
+import { IconModule } from "../../icon";
+import { IconButtonModule } from "../../icon-button";
+import { InputModule } from "../../input";
+import { LayoutComponent } from "../../layout";
+import { LinkModule } from "../../link";
+import { MenuModule } from "../../menu";
+import { NavigationModule } from "../../navigation";
+import { NoItemsModule } from "../../no-items";
+import { PopoverModule } from "../../popover";
+import { ProgressModule } from "../../progress";
+import { RadioButtonModule } from "../../radio-button";
+import { SearchModule } from "../../search";
+import { SectionComponent } from "../../section";
+import { SelectModule } from "../../select";
+import { SharedModule } from "../../shared";
+import { TableModule } from "../../table";
+import { TabsModule } from "../../tabs";
+import { ToggleGroupModule } from "../../toggle-group";
+import { TypographyModule } from "../../typography";
+
+@NgModule({
+  imports: [
+    AsyncActionsModule,
+    AvatarModule,
+    BadgeModule,
+    BannerModule,
+    BreadcrumbsModule,
+    ButtonModule,
+    CalloutModule,
+    CheckboxModule,
+    ColorPasswordModule,
+    CommonModule,
+    DialogModule,
+    FormControlModule,
+    FormFieldModule,
+    FormsModule,
+    IconButtonModule,
+    IconModule,
+    InputModule,
+    LayoutComponent,
+    LinkModule,
+    MenuModule,
+    NavigationModule,
+    NoItemsModule,
+    PopoverModule,
+    ProgressModule,
+    RadioButtonModule,
+    ReactiveFormsModule,
+    RouterModule,
+    SearchModule,
+    SectionComponent,
+    SelectModule,
+    SharedModule,
+    TableModule,
+    TabsModule,
+    ToggleGroupModule,
+    TypographyModule,
+  ],
+  exports: [
+    AsyncActionsModule,
+    AvatarModule,
+    BadgeModule,
+    BannerModule,
+    BreadcrumbsModule,
+    ButtonModule,
+    CalloutModule,
+    CheckboxModule,
+    ColorPasswordModule,
+    CommonModule,
+    DialogModule,
+    FormControlModule,
+    FormFieldModule,
+    FormsModule,
+    IconButtonModule,
+    IconModule,
+    InputModule,
+    LayoutComponent,
+    LinkModule,
+    MenuModule,
+    NavigationModule,
+    NoItemsModule,
+    PopoverModule,
+    ProgressModule,
+    RadioButtonModule,
+    ReactiveFormsModule,
+    RouterModule,
+    SearchModule,
+    SectionComponent,
+    SelectModule,
+    SharedModule,
+    TableModule,
+    TabsModule,
+    ToggleGroupModule,
+    TypographyModule,
+  ],
+})
+export class KitchenSinkSharedModule {}
diff --git a/libs/components/src/stories/kitchen-sink/kitchen-sink.mdx b/libs/components/src/stories/kitchen-sink/kitchen-sink.mdx
new file mode 100644
index 0000000000..49493f749e
--- /dev/null
+++ b/libs/components/src/stories/kitchen-sink/kitchen-sink.mdx
@@ -0,0 +1,15 @@
+import { Meta, Story } from "@storybook/addon-docs";
+
+import * as stories from "./kitchen-sink.stories";
+
+<Meta of={stories} />
+
+# Kitchen Sink
+
+The purpose of this story is to compose together all of our components. When snapshot tests run,
+we'll be able to spot-check visual changes in a more app-like environment than just the isolated
+stories. The stories for the Kitchen Sink exist to be tested by the Chromatic UI tests.
+
+NOTE: These stories will treat "Light & Dark" mode as "Light" mode. This is done to avoid a bug with
+the way that we render the same component twice in the same iframe and how that interacts with the
+`router-outlet`.
diff --git a/libs/components/src/stories/kitchen-sink/kitchen-sink.stories.ts b/libs/components/src/stories/kitchen-sink/kitchen-sink.stories.ts
new file mode 100644
index 0000000000..70adb21191
--- /dev/null
+++ b/libs/components/src/stories/kitchen-sink/kitchen-sink.stories.ts
@@ -0,0 +1,172 @@
+import { importProvidersFrom } from "@angular/core";
+import { provideNoopAnimations } from "@angular/platform-browser/animations";
+import { RouterModule } from "@angular/router";
+import {
+  Meta,
+  StoryObj,
+  applicationConfig,
+  componentWrapperDecorator,
+  moduleMetadata,
+} from "@storybook/angular";
+import {
+  userEvent,
+  getAllByRole,
+  getByRole,
+  getByLabelText,
+  fireEvent,
+} from "@storybook/testing-library";
+
+import { I18nService } from "@bitwarden/common/platform/abstractions/i18n.service";
+
+import { DialogService } from "../../dialog";
+import { LayoutComponent } from "../../layout";
+import { I18nMockService } from "../../utils/i18n-mock.service";
+
+import { KitchenSinkForm } from "./components/kitchen-sink-form.component";
+import { KitchenSinkMainComponent } from "./components/kitchen-sink-main.component";
+import { KitchenSinkTable } from "./components/kitchen-sink-table.component";
+import { KitchenSinkToggleList } from "./components/kitchen-sink-toggle-list.component";
+import { KitchenSinkSharedModule } from "./kitchen-sink-shared.module";
+
+export default {
+  title: "Documentation / Kitchen Sink",
+  component: LayoutComponent,
+  decorators: [
+    componentWrapperDecorator(
+      /**
+       * Applying a CSS transform makes a `position: fixed` element act like it is `position: relative`
+       * https://github.com/storybookjs/storybook/issues/8011#issue-490251969
+       */
+      (story) => {
+        return /* HTML */ `<div class="tw-scale-100 tw-border-2 tw-border-solid tw-border-[red]">
+          ${story}
+        </div>`;
+      },
+      ({ globals }) => {
+        /**
+         * avoid a bug with the way that we render the same component twice in the same iframe and how
+         * that interacts with the router-outlet
+         */
+        const themeOverride = globals["theme"] === "both" ? "light" : globals["theme"];
+        return { theme: themeOverride };
+      },
+    ),
+    moduleMetadata({
+      imports: [
+        KitchenSinkSharedModule,
+        KitchenSinkForm,
+        KitchenSinkMainComponent,
+        KitchenSinkTable,
+        KitchenSinkToggleList,
+      ],
+      providers: [
+        DialogService,
+        {
+          provide: I18nService,
+          useFactory: () => {
+            return new I18nMockService({
+              close: "Close",
+              search: "Search",
+              skipToContent: "Skip to content",
+              submenu: "submenu",
+              toggleCollapse: "toggle collapse",
+            });
+          },
+        },
+      ],
+    }),
+    applicationConfig({
+      providers: [
+        provideNoopAnimations(),
+        importProvidersFrom(
+          RouterModule.forRoot(
+            [
+              { path: "", redirectTo: "bitwarden", pathMatch: "full" },
+              { path: "bitwarden", component: KitchenSinkMainComponent },
+            ],
+            { useHash: true },
+          ),
+        ),
+      ],
+    }),
+  ],
+} as Meta;
+
+type Story = StoryObj<LayoutComponent>;
+
+export const Default: Story = {
+  render: (args) => {
+    return {
+      props: args,
+      template: /* HTML */ `<bit-layout>
+        <nav slot="sidebar">
+          <bit-nav-group text="Password Managers" icon="bwi-collection" [open]="true">
+            <bit-nav-group text="Favorites" icon="bwi-collection" variant="tree" [open]="true">
+              <bit-nav-item text="Bitwarden" route="bitwarden"></bit-nav-item>
+              <bit-nav-divider></bit-nav-divider>
+            </bit-nav-group>
+          </bit-nav-group>
+        </nav>
+        <router-outlet></router-outlet>
+      </bit-layout>`,
+    };
+  },
+};
+
+export const MenuOpen: Story = {
+  ...Default,
+  play: async (context) => {
+    const canvas = context.canvasElement;
+    const table = getByRole(canvas, "table");
+
+    const menuButton = getAllByRole(table, "button")[0];
+    await userEvent.click(menuButton);
+  },
+};
+
+export const DefaultDialogOpen: Story = {
+  ...Default,
+  play: (context) => {
+    const canvas = context.canvasElement;
+    const dialogButton = getByRole(canvas, "button", {
+      name: "Open Dialog",
+    });
+
+    // workaround for userEvent not firing in FF https://github.com/testing-library/user-event/issues/1075
+    fireEvent.click(dialogButton);
+  },
+};
+
+export const PopoverOpen: Story = {
+  ...Default,
+  play: async (context) => {
+    const canvas = context.canvasElement;
+    const passwordLabelIcon = getByLabelText(canvas, "A random password (required)", {
+      selector: "button",
+    });
+
+    await userEvent.click(passwordLabelIcon);
+  },
+};
+
+export const SimpleDialogOpen: Story = {
+  ...Default,
+  play: (context) => {
+    const canvas = context.canvasElement;
+    const submitButton = getByRole(canvas, "button", {
+      name: "Submit",
+    });
+
+    // workaround for userEvent not firing in FF https://github.com/testing-library/user-event/issues/1075
+    fireEvent.click(submitButton);
+  },
+};
+
+export const EmptyTab: Story = {
+  ...Default,
+  play: async (context) => {
+    const canvas = context.canvasElement;
+    const emptyTab = getByRole(canvas, "tab", { name: "Empty tab" });
+    await userEvent.click(emptyTab);
+  },
+};
diff --git a/libs/importer/spec/test-data/bitwarden-json/cipher-with-collections.json.ts b/libs/importer/spec/test-data/bitwarden-json/cipher-with-collections.json.ts
new file mode 100644
index 0000000000..ef92ea7984
--- /dev/null
+++ b/libs/importer/spec/test-data/bitwarden-json/cipher-with-collections.json.ts
@@ -0,0 +1,37 @@
+export const cipherWithCollections = `{
+    "encrypted": false,
+    "collections": [
+      {
+        "id": "8e3f5ba1-3e87-4ee8-8da9-b1180099ff9f",
+        "organizationId": "c6181652-66eb-4cd9-a7f2-b02a00e12352",
+        "name": "asdf",
+        "externalId": null
+      }
+    ],
+    "items": [
+      {
+        "passwordHistory": null,
+        "revisionDate": "2024-02-16T09:20:48.383Z",
+        "creationDate": "2024-02-16T09:20:48.383Z",
+        "deletedDate": null,
+        "id": "f761a968-4b0f-4090-a568-b118009a07b5",
+        "organizationId": "c6181652-66eb-4cd9-a7f2-b02a00e12352",
+        "folderId": null,
+        "type": 1,
+        "reprompt": 0,
+        "name": "asdf123",
+        "notes": null,
+        "favorite": false,
+        "login": {
+          "fido2Credentials": [],
+          "uris": [],
+          "username": null,
+          "password": null,
+          "totp": null
+        },
+        "collectionIds": [
+          "8e3f5ba1-3e87-4ee8-8da9-b1180099ff9f"
+        ]
+      }
+    ]
+  }`;
diff --git a/libs/importer/src/components/lastpass/lastpass-direct-import.service.ts b/libs/importer/src/components/lastpass/lastpass-direct-import.service.ts
index 7d77bbbc86..678c4d35da 100644
--- a/libs/importer/src/components/lastpass/lastpass-direct-import.service.ts
+++ b/libs/importer/src/components/lastpass/lastpass-direct-import.service.ts
@@ -121,7 +121,7 @@ export class LastPassDirectImportService {
     this.oidcClient = new OidcClient({
       authority: this.vault.userType.openIDConnectAuthorityBase,
       client_id: this.vault.userType.openIDConnectClientId,
-      redirect_uri: this.getOidcRedirectUrl(),
+      redirect_uri: await this.getOidcRedirectUrl(),
       response_type: "code",
       scope: this.vault.userType.oidcScope,
       response_mode: "query",
@@ -151,12 +151,13 @@ export class LastPassDirectImportService {
     return redirectUri + "&" + params;
   }
 
-  private getOidcRedirectUrl() {
+  private async getOidcRedirectUrl() {
     const clientType = this.platformUtilsService.getClientType();
     if (clientType === ClientType.Desktop) {
       return "bitwarden://import-callback-lp";
     }
-    const webUrl = this.environmentService.getWebVaultUrl();
+    const env = await firstValueFrom(this.environmentService.environment$);
+    const webUrl = env.getWebVaultUrl();
     return webUrl + "/sso-connector.html?lp=1";
   }
 
diff --git a/libs/importer/src/services/import.service.spec.ts b/libs/importer/src/services/import.service.spec.ts
index a95b74d792..eb21f384b5 100644
--- a/libs/importer/src/services/import.service.spec.ts
+++ b/libs/importer/src/services/import.service.spec.ts
@@ -6,6 +6,7 @@ import { Utils } from "@bitwarden/common/platform/misc/utils";
 import { CipherService } from "@bitwarden/common/vault/abstractions/cipher.service";
 import { CollectionService } from "@bitwarden/common/vault/abstractions/collection.service";
 import { FolderService } from "@bitwarden/common/vault/abstractions/folder/folder.service.abstraction";
+import { CipherView } from "@bitwarden/common/vault/models/view/cipher.view";
 import { CollectionView } from "@bitwarden/common/vault/models/view/collection.view";
 import { FolderView } from "@bitwarden/common/vault/models/view/folder.view";
 
@@ -207,5 +208,60 @@ describe("ImportService", () => {
 
       await expect(setImportTargetMethod).rejects.toThrow("Error assigning target folder");
     });
+
+    it("passing importTarget, collectionRelationship has the expected values", async () => {
+      collectionService.getAllDecrypted.mockResolvedValue([
+        mockImportTargetCollection,
+        mockCollection1,
+        mockCollection2,
+      ]);
+
+      importResult.ciphers.push(createCipher({ name: "cipher1" }));
+      importResult.ciphers.push(createCipher({ name: "cipher2" }));
+      importResult.collectionRelationships.push([0, 0]);
+      importResult.collections.push(mockCollection1);
+      importResult.collections.push(mockCollection2);
+
+      await importService["setImportTarget"](
+        importResult,
+        organizationId,
+        mockImportTargetCollection,
+      );
+      expect(importResult.collectionRelationships.length).toEqual(2);
+      expect(importResult.collectionRelationships[0]).toEqual([1, 0]);
+      expect(importResult.collectionRelationships[1]).toEqual([0, 1]);
+    });
+
+    it("passing importTarget, folderRelationship has the expected values", async () => {
+      folderService.getAllDecryptedFromState.mockResolvedValue([
+        mockImportTargetFolder,
+        mockFolder1,
+        mockFolder2,
+      ]);
+
+      importResult.folders.push(mockFolder1);
+      importResult.folders.push(mockFolder2);
+
+      importResult.ciphers.push(createCipher({ name: "cipher1", folderId: mockFolder1.id }));
+      importResult.ciphers.push(createCipher({ name: "cipher2" }));
+      importResult.folderRelationships.push([0, 0]);
+
+      await importService["setImportTarget"](importResult, "", mockImportTargetFolder);
+      expect(importResult.folderRelationships.length).toEqual(2);
+      expect(importResult.folderRelationships[0]).toEqual([1, 0]);
+      expect(importResult.folderRelationships[1]).toEqual([0, 1]);
+    });
   });
 });
+
+function createCipher(options: Partial<CipherView> = {}) {
+  const cipher = new CipherView();
+
+  cipher.name;
+  cipher.type = options.type;
+  cipher.folderId = options.folderId;
+  cipher.collectionIds = options.collectionIds;
+  cipher.organizationId = options.organizationId;
+
+  return cipher;
+}
diff --git a/libs/importer/src/services/import.service.ts b/libs/importer/src/services/import.service.ts
index a6fd233dcf..62961a77c4 100644
--- a/libs/importer/src/services/import.service.ts
+++ b/libs/importer/src/services/import.service.ts
@@ -437,8 +437,10 @@ export class ImportService implements ImportServiceAbstraction {
 
       const noCollectionRelationShips: [number, number][] = [];
       importResult.ciphers.forEach((c, index) => {
-        if (!Array.isArray(c.collectionIds) || c.collectionIds.length == 0) {
-          c.collectionIds = [importTarget.id];
+        if (
+          !Array.isArray(importResult.collectionRelationships) ||
+          !importResult.collectionRelationships.some(([cipherPos]) => cipherPos === index)
+        ) {
           noCollectionRelationShips.push([index, 0]);
         }
       });
diff --git a/libs/shared/tsconfig.libs.json b/libs/shared/tsconfig.libs.json
index 079a49fbd5..713d34a10e 100644
--- a/libs/shared/tsconfig.libs.json
+++ b/libs/shared/tsconfig.libs.json
@@ -10,6 +10,7 @@
       "@bitwarden/common/*": ["../common/src/*"],
       "@bitwarden/components": ["../components/src"],
       "@bitwarden/vault-export-core": ["../tools/export/vault-export/vault-export-core/src"],
+      "@bitwarden/vault-export-ui": ["../tools/export/vault-export/vault-export-ui/src"],
       "@bitwarden/importer/core": ["../importer/src"],
       "@bitwarden/importer/ui": ["../importer/src/components"],
       "@bitwarden/platform": ["../platform/src"],
diff --git a/libs/tools/export/vault-export/README.md b/libs/tools/export/vault-export/README.md
index 45d9e08e5e..e6bce1c525 100644
--- a/libs/tools/export/vault-export/README.md
+++ b/libs/tools/export/vault-export/README.md
@@ -13,3 +13,5 @@ Currently in use by the Bitwarden Web Vault, CLI, desktop app and browser extens
 ## vault-export-ui
 
 Package name: `@bitwarden/vault-export-ui`
+
+Contains all UI components used for the vault-export
diff --git a/libs/tools/export/vault-export/vault-export-ui/jest.config.js b/libs/tools/export/vault-export/vault-export-ui/jest.config.js
new file mode 100644
index 0000000000..955b8e7763
--- /dev/null
+++ b/libs/tools/export/vault-export/vault-export-ui/jest.config.js
@@ -0,0 +1,13 @@
+const { pathsToModuleNameMapper } = require("ts-jest");
+
+const { compilerOptions } = require("../../../../shared/tsconfig.libs");
+
+/** @type {import('jest').Config} */
+module.exports = {
+  testMatch: ["**/+(*.)+(spec).+(ts)"],
+  preset: "ts-jest",
+  testEnvironment: "jsdom",
+  moduleNameMapper: pathsToModuleNameMapper(compilerOptions?.paths || {}, {
+    prefix: "<rootDir>/../../../",
+  }),
+};
diff --git a/libs/tools/export/vault-export/vault-export-ui/package.json b/libs/tools/export/vault-export/vault-export-ui/package.json
new file mode 100644
index 0000000000..e27140f365
--- /dev/null
+++ b/libs/tools/export/vault-export/vault-export-ui/package.json
@@ -0,0 +1,25 @@
+{
+  "name": "@bitwarden/vault-export-ui",
+  "version": "0.0.0",
+  "description": "Angular components for the Bitwarden vault exporter",
+  "keywords": [
+    "bitwarden"
+  ],
+  "author": "Bitwarden Inc.",
+  "homepage": "https://bitwarden.com",
+  "repository": {
+    "type": "git",
+    "url": "https://github.com/bitwarden/clients"
+  },
+  "license": "GPL-3.0",
+  "scripts": {
+    "clean": "rimraf dist",
+    "build": "npm run clean && tsc",
+    "build:watch": "npm run clean && tsc -watch"
+  },
+  "dependencies": {
+    "@bitwarden/common": "file:../../../../common",
+    "@bitwarden/angular": "file:../../../../angular",
+    "@bitwarden/vault-export-core": "file:../vault-export-core"
+  }
+}
diff --git a/libs/angular/src/tools/export/components/export-scope-callout.component.html b/libs/tools/export/vault-export/vault-export-ui/src/components/export-scope-callout.component.html
similarity index 59%
rename from libs/angular/src/tools/export/components/export-scope-callout.component.html
rename to libs/tools/export/vault-export/vault-export-ui/src/components/export-scope-callout.component.html
index c6b5e1e852..a660219499 100644
--- a/libs/angular/src/tools/export/components/export-scope-callout.component.html
+++ b/libs/tools/export/vault-export/vault-export-ui/src/components/export-scope-callout.component.html
@@ -1,5 +1,5 @@
 <ng-container *ngIf="show">
-  <app-callout type="info" title="{{ scopeConfig.title | i18n }}">
+  <bit-callout type="info" title="{{ scopeConfig.title | i18n }}">
     {{ scopeConfig.description | i18n: scopeConfig.scopeIdentifier }}
-  </app-callout>
+  </bit-callout>
 </ng-container>
diff --git a/libs/angular/src/tools/export/components/export-scope-callout.component.ts b/libs/tools/export/vault-export/vault-export-ui/src/components/export-scope-callout.component.ts
similarity index 86%
rename from libs/angular/src/tools/export/components/export-scope-callout.component.ts
rename to libs/tools/export/vault-export/vault-export-ui/src/components/export-scope-callout.component.ts
index 545dfe4560..0f246c3a34 100644
--- a/libs/angular/src/tools/export/components/export-scope-callout.component.ts
+++ b/libs/tools/export/vault-export/vault-export-ui/src/components/export-scope-callout.component.ts
@@ -1,11 +1,16 @@
+import { CommonModule } from "@angular/common";
 import { Component, Input, OnInit } from "@angular/core";
 
+import { JslibModule } from "@bitwarden/angular/jslib.module";
 import { OrganizationService } from "@bitwarden/common/admin-console/abstractions/organization/organization.service.abstraction";
 import { StateService } from "@bitwarden/common/platform/abstractions/state.service";
+import { CalloutModule } from "@bitwarden/components";
 
 @Component({
-  selector: "app-export-scope-callout",
+  selector: "tools-export-scope-callout",
   templateUrl: "export-scope-callout.component.html",
+  standalone: true,
+  imports: [CommonModule, JslibModule, CalloutModule],
 })
 export class ExportScopeCalloutComponent implements OnInit {
   show = false;
diff --git a/libs/angular/src/tools/export/components/export.component.ts b/libs/tools/export/vault-export/vault-export-ui/src/components/export.component.ts
similarity index 98%
rename from libs/angular/src/tools/export/components/export.component.ts
rename to libs/tools/export/vault-export/vault-export-ui/src/components/export.component.ts
index 400071e59c..ce478db19a 100644
--- a/libs/angular/src/tools/export/components/export.component.ts
+++ b/libs/tools/export/vault-export/vault-export-ui/src/components/export.component.ts
@@ -2,6 +2,7 @@ import { Directive, EventEmitter, OnDestroy, OnInit, Output, ViewChild } from "@
 import { UntypedFormBuilder, Validators } from "@angular/forms";
 import { map, merge, Observable, startWith, Subject, takeUntil } from "rxjs";
 
+import { PasswordStrengthComponent } from "@bitwarden/angular/tools/password-strength/password-strength.component";
 import { EventCollectionService } from "@bitwarden/common/abstractions/event/event-collection.service";
 import { OrganizationService } from "@bitwarden/common/admin-console/abstractions/organization/organization.service.abstraction";
 import { PolicyService } from "@bitwarden/common/admin-console/abstractions/policy/policy.service.abstraction";
@@ -18,8 +19,6 @@ import { EncryptedExportType } from "@bitwarden/common/tools/enums/encrypted-exp
 import { DialogService } from "@bitwarden/components";
 import { VaultExportServiceAbstraction } from "@bitwarden/vault-export-core";
 
-import { PasswordStrengthComponent } from "../../password-strength/password-strength.component";
-
 @Directive()
 export class ExportComponent implements OnInit, OnDestroy {
   @Output() onSaved = new EventEmitter();
diff --git a/libs/tools/export/vault-export/vault-export-ui/src/index.ts b/libs/tools/export/vault-export/vault-export-ui/src/index.ts
new file mode 100644
index 0000000000..919bc8b38e
--- /dev/null
+++ b/libs/tools/export/vault-export/vault-export-ui/src/index.ts
@@ -0,0 +1,2 @@
+export { ExportComponent } from "./components/export.component";
+export { ExportScopeCalloutComponent } from "./components/export-scope-callout.component";
diff --git a/libs/tools/export/vault-export/vault-export-ui/tsconfig.json b/libs/tools/export/vault-export/vault-export-ui/tsconfig.json
new file mode 100644
index 0000000000..5cb9026037
--- /dev/null
+++ b/libs/tools/export/vault-export/vault-export-ui/tsconfig.json
@@ -0,0 +1,5 @@
+{
+  "extends": "../../../../shared/tsconfig.libs",
+  "include": ["src"],
+  "exclude": ["node_modules", "dist"]
+}
diff --git a/libs/tools/export/vault-export/vault-export-ui/tsconfig.spec.json b/libs/tools/export/vault-export/vault-export-ui/tsconfig.spec.json
new file mode 100644
index 0000000000..fc8520e737
--- /dev/null
+++ b/libs/tools/export/vault-export/vault-export-ui/tsconfig.spec.json
@@ -0,0 +1,3 @@
+{
+  "extends": "./tsconfig.json"
+}
diff --git a/package-lock.json b/package-lock.json
index ba95074d89..ef23904967 100644
--- a/package-lock.json
+++ b/package-lock.json
@@ -38,7 +38,7 @@
         "bufferutil": "4.0.8",
         "chalk": "4.1.2",
         "commander": "11.1.0",
-        "core-js": "3.34.0",
+        "core-js": "3.36.1",
         "duo_web_sdk": "github:duosecurity/duo_web_sdk",
         "form-data": "4.0.0",
         "https-proxy-agent": "7.0.2",
@@ -67,7 +67,7 @@
         "qrious": "4.0.2",
         "rxjs": "7.8.1",
         "tabbable": "6.2.0",
-        "tldts": "6.1.13",
+        "tldts": "6.1.16",
         "utf-8-validate": "6.0.3",
         "zone.js": "0.13.3",
         "zxcvbn": "4.4.2"
@@ -117,17 +117,17 @@
         "@types/react": "16.14.57",
         "@types/retry": "0.12.5",
         "@types/zxcvbn": "4.4.4",
-        "@typescript-eslint/eslint-plugin": "6.21.0",
-        "@typescript-eslint/parser": "6.21.0",
+        "@typescript-eslint/eslint-plugin": "7.4.0",
+        "@typescript-eslint/parser": "7.4.0",
         "@webcomponents/custom-elements": "1.6.0",
         "autoprefixer": "10.4.18",
         "base64-loader": "1.0.0",
         "chromatic": "10.9.6",
         "concurrently": "8.2.2",
-        "copy-webpack-plugin": "11.0.0",
+        "copy-webpack-plugin": "12.0.2",
         "cross-env": "7.0.3",
-        "css-loader": "6.8.1",
-        "electron": "28.2.7",
+        "css-loader": "6.10.0",
+        "electron": "28.2.8",
         "electron-builder": "24.13.3",
         "electron-log": "5.0.1",
         "electron-reload": "2.0.0-alpha.1",
@@ -149,7 +149,7 @@
         "gulp-zip": "6.0.0",
         "html-loader": "4.2.0",
         "html-webpack-injector": "1.1.4",
-        "html-webpack-plugin": "5.5.4",
+        "html-webpack-plugin": "5.6.0",
         "husky": "9.0.11",
         "jest-junit": "16.0.0",
         "jest-mock-extended": "3.0.5",
@@ -159,9 +159,9 @@
         "node-ipc": "9.2.1",
         "pkg": "5.8.1",
         "postcss": "8.4.35",
-        "postcss-loader": "7.3.4",
+        "postcss-loader": "8.1.1",
         "prettier": "3.2.2",
-        "prettier-plugin-tailwindcss": "0.5.12",
+        "prettier-plugin-tailwindcss": "0.5.13",
         "process": "0.11.10",
         "react": "18.2.0",
         "react-dom": "18.2.0",
@@ -183,21 +183,21 @@
         "wait-on": "7.2.0",
         "webpack": "5.89.0",
         "webpack-cli": "5.1.4",
-        "webpack-dev-server": "4.15.1",
+        "webpack-dev-server": "5.0.4",
         "webpack-node-externals": "3.0.0"
       },
       "engines": {
-        "node": "~18",
+        "node": "^18.18.0",
         "npm": "~9"
       }
     },
     "apps/browser": {
       "name": "@bitwarden/browser",
-      "version": "2024.3.0"
+      "version": "2024.3.1"
     },
     "apps/cli": {
       "name": "@bitwarden/cli",
-      "version": "2024.3.0",
+      "version": "2024.3.1",
       "license": "GPL-3.0-only",
       "dependencies": {
         "@koa/multer": "3.0.2",
@@ -224,7 +224,7 @@
         "papaparse": "5.4.1",
         "proper-lockfile": "4.1.2",
         "rxjs": "7.8.1",
-        "tldts": "6.1.13",
+        "tldts": "6.1.16",
         "zxcvbn": "4.4.2"
       },
       "bin": {
@@ -233,7 +233,7 @@
     },
     "apps/desktop": {
       "name": "@bitwarden/desktop",
-      "version": "2024.3.1",
+      "version": "2024.3.2",
       "hasInstallScript": true,
       "license": "GPL-3.0"
     },
@@ -263,7 +263,7 @@
     },
     "apps/web": {
       "name": "@bitwarden/web-vault",
-      "version": "2024.3.0"
+      "version": "2024.3.1"
     },
     "libs/admin-console": {
       "name": "@bitwarden/admin-console",
@@ -614,6 +614,95 @@
         "postcss": "^8.1.0"
       }
     },
+    "node_modules/@angular-devkit/build-angular/node_modules/copy-webpack-plugin": {
+      "version": "11.0.0",
+      "resolved": "https://registry.npmjs.org/copy-webpack-plugin/-/copy-webpack-plugin-11.0.0.tgz",
+      "integrity": "sha512-fX2MWpamkW0hZxMEg0+mYnA40LTosOSa5TqZ9GYIBzyJa9C3QUaMPSE2xAi/buNr8u89SfD9wHSQVBzrRa/SOQ==",
+      "dev": true,
+      "dependencies": {
+        "fast-glob": "^3.2.11",
+        "glob-parent": "^6.0.1",
+        "globby": "^13.1.1",
+        "normalize-path": "^3.0.0",
+        "schema-utils": "^4.0.0",
+        "serialize-javascript": "^6.0.0"
+      },
+      "engines": {
+        "node": ">= 14.15.0"
+      },
+      "funding": {
+        "type": "opencollective",
+        "url": "https://opencollective.com/webpack"
+      },
+      "peerDependencies": {
+        "webpack": "^5.1.0"
+      }
+    },
+    "node_modules/@angular-devkit/build-angular/node_modules/copy-webpack-plugin/node_modules/ajv": {
+      "version": "8.12.0",
+      "resolved": "https://registry.npmjs.org/ajv/-/ajv-8.12.0.tgz",
+      "integrity": "sha512-sRu1kpcO9yLtYxBKvqfTeh9KzZEwO3STyX1HT+4CaDzC6HpTGYhIhPIzj9XuKU7KYDwnaeh5hcOwjy1QuJzBPA==",
+      "dev": true,
+      "dependencies": {
+        "fast-deep-equal": "^3.1.1",
+        "json-schema-traverse": "^1.0.0",
+        "require-from-string": "^2.0.2",
+        "uri-js": "^4.2.2"
+      },
+      "funding": {
+        "type": "github",
+        "url": "https://github.com/sponsors/epoberezkin"
+      }
+    },
+    "node_modules/@angular-devkit/build-angular/node_modules/copy-webpack-plugin/node_modules/ajv-keywords": {
+      "version": "5.1.0",
+      "resolved": "https://registry.npmjs.org/ajv-keywords/-/ajv-keywords-5.1.0.tgz",
+      "integrity": "sha512-YCS/JNFAUyr5vAuhk1DWm1CBxRHW9LbJ2ozWeemrIqpbsqKjHVxYPyi5GC0rjZIT5JxJ3virVTS8wk4i/Z+krw==",
+      "dev": true,
+      "dependencies": {
+        "fast-deep-equal": "^3.1.3"
+      },
+      "peerDependencies": {
+        "ajv": "^8.8.2"
+      }
+    },
+    "node_modules/@angular-devkit/build-angular/node_modules/copy-webpack-plugin/node_modules/glob-parent": {
+      "version": "6.0.2",
+      "resolved": "https://registry.npmjs.org/glob-parent/-/glob-parent-6.0.2.tgz",
+      "integrity": "sha512-XxwI8EOhVQgWp6iDL+3b0r86f4d6AX6zSU55HfB4ydCEuXLXc5FcYeOu+nnGftS4TEju/11rt4KJPTMgbfmv4A==",
+      "dev": true,
+      "dependencies": {
+        "is-glob": "^4.0.3"
+      },
+      "engines": {
+        "node": ">=10.13.0"
+      }
+    },
+    "node_modules/@angular-devkit/build-angular/node_modules/copy-webpack-plugin/node_modules/json-schema-traverse": {
+      "version": "1.0.0",
+      "resolved": "https://registry.npmjs.org/json-schema-traverse/-/json-schema-traverse-1.0.0.tgz",
+      "integrity": "sha512-NM8/P9n3XjXhIZn1lLhkFaACTOURQXjWhV4BA/RnOv8xvgqtqpAX9IO4mRQxSx1Rlo4tqzeqb0sOlruaOy3dug==",
+      "dev": true
+    },
+    "node_modules/@angular-devkit/build-angular/node_modules/copy-webpack-plugin/node_modules/schema-utils": {
+      "version": "4.2.0",
+      "resolved": "https://registry.npmjs.org/schema-utils/-/schema-utils-4.2.0.tgz",
+      "integrity": "sha512-L0jRsrPpjdckP3oPug3/VxNKt2trR8TcabrM6FOAAlvC/9Phcmm+cuAgTlxBqdBR1WJx7Naj9WHw+aOmheSVbw==",
+      "dev": true,
+      "dependencies": {
+        "@types/json-schema": "^7.0.9",
+        "ajv": "^8.9.0",
+        "ajv-formats": "^2.1.1",
+        "ajv-keywords": "^5.1.0"
+      },
+      "engines": {
+        "node": ">= 12.13.0"
+      },
+      "funding": {
+        "type": "opencollective",
+        "url": "https://opencollective.com/webpack"
+      }
+    },
     "node_modules/@angular-devkit/build-angular/node_modules/cosmiconfig": {
       "version": "8.3.6",
       "resolved": "https://registry.npmjs.org/cosmiconfig/-/cosmiconfig-8.3.6.tgz",
@@ -640,6 +729,32 @@
         }
       }
     },
+    "node_modules/@angular-devkit/build-angular/node_modules/css-loader": {
+      "version": "6.8.1",
+      "resolved": "https://registry.npmjs.org/css-loader/-/css-loader-6.8.1.tgz",
+      "integrity": "sha512-xDAXtEVGlD0gJ07iclwWVkLoZOpEvAWaSyf6W18S2pOC//K8+qUDIx8IIT3D+HjnmkJPQeesOPv5aiUaJsCM2g==",
+      "dev": true,
+      "dependencies": {
+        "icss-utils": "^5.1.0",
+        "postcss": "^8.4.21",
+        "postcss-modules-extract-imports": "^3.0.0",
+        "postcss-modules-local-by-default": "^4.0.3",
+        "postcss-modules-scope": "^3.0.0",
+        "postcss-modules-values": "^4.0.0",
+        "postcss-value-parser": "^4.2.0",
+        "semver": "^7.3.8"
+      },
+      "engines": {
+        "node": ">= 12.13.0"
+      },
+      "funding": {
+        "type": "opencollective",
+        "url": "https://opencollective.com/webpack"
+      },
+      "peerDependencies": {
+        "webpack": "^5.0.0"
+      }
+    },
     "node_modules/@angular-devkit/build-angular/node_modules/eslint-scope": {
       "version": "5.1.1",
       "resolved": "https://registry.npmjs.org/eslint-scope/-/eslint-scope-5.1.1.tgz",
@@ -678,6 +793,45 @@
         "node": ">=8.6.0"
       }
     },
+    "node_modules/@angular-devkit/build-angular/node_modules/glob": {
+      "version": "7.2.3",
+      "resolved": "https://registry.npmjs.org/glob/-/glob-7.2.3.tgz",
+      "integrity": "sha512-nFR0zLpU2YCaRxwoCJvL6UvCH2JFyFVIvwTLsIf21AuHlMskA1hhTdk+LlYJtOlYt9v6dvszD2BGRqBL+iQK9Q==",
+      "dev": true,
+      "dependencies": {
+        "fs.realpath": "^1.0.0",
+        "inflight": "^1.0.4",
+        "inherits": "2",
+        "minimatch": "^3.1.1",
+        "once": "^1.3.0",
+        "path-is-absolute": "^1.0.0"
+      },
+      "engines": {
+        "node": "*"
+      },
+      "funding": {
+        "url": "https://github.com/sponsors/isaacs"
+      }
+    },
+    "node_modules/@angular-devkit/build-angular/node_modules/globby": {
+      "version": "13.2.2",
+      "resolved": "https://registry.npmjs.org/globby/-/globby-13.2.2.tgz",
+      "integrity": "sha512-Y1zNGV+pzQdh7H39l9zgB4PJqjRNqydvdYCDG4HFXM4XuvSaQQlEc91IU1yALL8gUTDomgBAfz3XJdmUS+oo0w==",
+      "dev": true,
+      "dependencies": {
+        "dir-glob": "^3.0.1",
+        "fast-glob": "^3.3.0",
+        "ignore": "^5.2.4",
+        "merge2": "^1.4.1",
+        "slash": "^4.0.0"
+      },
+      "engines": {
+        "node": "^12.20.0 || ^14.13.1 || >=16.0.0"
+      },
+      "funding": {
+        "url": "https://github.com/sponsors/sindresorhus"
+      }
+    },
     "node_modules/@angular-devkit/build-angular/node_modules/https-proxy-agent": {
       "version": "5.0.1",
       "resolved": "https://registry.npmjs.org/https-proxy-agent/-/https-proxy-agent-5.0.1.tgz",
@@ -726,6 +880,15 @@
         "tslib": "^2.1.0"
       }
     },
+    "node_modules/@angular-devkit/build-angular/node_modules/ipaddr.js": {
+      "version": "2.1.0",
+      "resolved": "https://registry.npmjs.org/ipaddr.js/-/ipaddr.js-2.1.0.tgz",
+      "integrity": "sha512-LlbxQ7xKzfBusov6UMi4MFpEg0m+mAm9xyNGEduwXMEDuf4WfzB/RZwMVYEd7IKGvh4IUkEXYxtAVu9T3OelJQ==",
+      "dev": true,
+      "engines": {
+        "node": ">= 10"
+      }
+    },
     "node_modules/@angular-devkit/build-angular/node_modules/js-yaml": {
       "version": "4.1.0",
       "resolved": "https://registry.npmjs.org/js-yaml/-/js-yaml-4.1.0.tgz",
@@ -794,6 +957,21 @@
         "webpack": "^5.0.0"
       }
     },
+    "node_modules/@angular-devkit/build-angular/node_modules/rimraf": {
+      "version": "3.0.2",
+      "resolved": "https://registry.npmjs.org/rimraf/-/rimraf-3.0.2.tgz",
+      "integrity": "sha512-JZkJMZkAGFFPP2YqXZXPbMlMBgsxzE8ILs4lMIX/2o0L9UBw9O/Y3o6wFw/i9YLapcUJWwqbi3kdxIPdC62TIA==",
+      "dev": true,
+      "dependencies": {
+        "glob": "^7.1.3"
+      },
+      "bin": {
+        "rimraf": "bin.js"
+      },
+      "funding": {
+        "url": "https://github.com/sponsors/isaacs"
+      }
+    },
     "node_modules/@angular-devkit/build-angular/node_modules/sass": {
       "version": "1.64.1",
       "resolved": "https://registry.npmjs.org/sass/-/sass-1.64.1.tgz",
@@ -866,6 +1044,18 @@
         "url": "https://opencollective.com/webpack"
       }
     },
+    "node_modules/@angular-devkit/build-angular/node_modules/slash": {
+      "version": "4.0.0",
+      "resolved": "https://registry.npmjs.org/slash/-/slash-4.0.0.tgz",
+      "integrity": "sha512-3dOsAHXXUkQTpOYcoAxLIorMTp4gIQr5IW3iVb7A7lFIp0VHhnynm9izx6TssdrIcVIESAlVjtnO2K8bg+Coew==",
+      "dev": true,
+      "engines": {
+        "node": ">=12"
+      },
+      "funding": {
+        "url": "https://github.com/sponsors/sindresorhus"
+      }
+    },
     "node_modules/@angular-devkit/build-angular/node_modules/webpack": {
       "version": "5.88.2",
       "resolved": "https://registry.npmjs.org/webpack/-/webpack-5.88.2.tgz",
@@ -913,6 +1103,162 @@
         }
       }
     },
+    "node_modules/@angular-devkit/build-angular/node_modules/webpack-dev-server": {
+      "version": "4.15.1",
+      "resolved": "https://registry.npmjs.org/webpack-dev-server/-/webpack-dev-server-4.15.1.tgz",
+      "integrity": "sha512-5hbAst3h3C3L8w6W4P96L5vaV0PxSmJhxZvWKYIdgxOQm8pNZ5dEOmmSLBVpP85ReeyRt6AS1QJNyo/oFFPeVA==",
+      "dev": true,
+      "dependencies": {
+        "@types/bonjour": "^3.5.9",
+        "@types/connect-history-api-fallback": "^1.3.5",
+        "@types/express": "^4.17.13",
+        "@types/serve-index": "^1.9.1",
+        "@types/serve-static": "^1.13.10",
+        "@types/sockjs": "^0.3.33",
+        "@types/ws": "^8.5.5",
+        "ansi-html-community": "^0.0.8",
+        "bonjour-service": "^1.0.11",
+        "chokidar": "^3.5.3",
+        "colorette": "^2.0.10",
+        "compression": "^1.7.4",
+        "connect-history-api-fallback": "^2.0.0",
+        "default-gateway": "^6.0.3",
+        "express": "^4.17.3",
+        "graceful-fs": "^4.2.6",
+        "html-entities": "^2.3.2",
+        "http-proxy-middleware": "^2.0.3",
+        "ipaddr.js": "^2.0.1",
+        "launch-editor": "^2.6.0",
+        "open": "^8.0.9",
+        "p-retry": "^4.5.0",
+        "rimraf": "^3.0.2",
+        "schema-utils": "^4.0.0",
+        "selfsigned": "^2.1.1",
+        "serve-index": "^1.9.1",
+        "sockjs": "^0.3.24",
+        "spdy": "^4.0.2",
+        "webpack-dev-middleware": "^5.3.1",
+        "ws": "^8.13.0"
+      },
+      "bin": {
+        "webpack-dev-server": "bin/webpack-dev-server.js"
+      },
+      "engines": {
+        "node": ">= 12.13.0"
+      },
+      "funding": {
+        "type": "opencollective",
+        "url": "https://opencollective.com/webpack"
+      },
+      "peerDependencies": {
+        "webpack": "^4.37.0 || ^5.0.0"
+      },
+      "peerDependenciesMeta": {
+        "webpack": {
+          "optional": true
+        },
+        "webpack-cli": {
+          "optional": true
+        }
+      }
+    },
+    "node_modules/@angular-devkit/build-angular/node_modules/webpack-dev-server/node_modules/ajv": {
+      "version": "8.12.0",
+      "resolved": "https://registry.npmjs.org/ajv/-/ajv-8.12.0.tgz",
+      "integrity": "sha512-sRu1kpcO9yLtYxBKvqfTeh9KzZEwO3STyX1HT+4CaDzC6HpTGYhIhPIzj9XuKU7KYDwnaeh5hcOwjy1QuJzBPA==",
+      "dev": true,
+      "dependencies": {
+        "fast-deep-equal": "^3.1.1",
+        "json-schema-traverse": "^1.0.0",
+        "require-from-string": "^2.0.2",
+        "uri-js": "^4.2.2"
+      },
+      "funding": {
+        "type": "github",
+        "url": "https://github.com/sponsors/epoberezkin"
+      }
+    },
+    "node_modules/@angular-devkit/build-angular/node_modules/webpack-dev-server/node_modules/ajv-keywords": {
+      "version": "5.1.0",
+      "resolved": "https://registry.npmjs.org/ajv-keywords/-/ajv-keywords-5.1.0.tgz",
+      "integrity": "sha512-YCS/JNFAUyr5vAuhk1DWm1CBxRHW9LbJ2ozWeemrIqpbsqKjHVxYPyi5GC0rjZIT5JxJ3virVTS8wk4i/Z+krw==",
+      "dev": true,
+      "dependencies": {
+        "fast-deep-equal": "^3.1.3"
+      },
+      "peerDependencies": {
+        "ajv": "^8.8.2"
+      }
+    },
+    "node_modules/@angular-devkit/build-angular/node_modules/webpack-dev-server/node_modules/json-schema-traverse": {
+      "version": "1.0.0",
+      "resolved": "https://registry.npmjs.org/json-schema-traverse/-/json-schema-traverse-1.0.0.tgz",
+      "integrity": "sha512-NM8/P9n3XjXhIZn1lLhkFaACTOURQXjWhV4BA/RnOv8xvgqtqpAX9IO4mRQxSx1Rlo4tqzeqb0sOlruaOy3dug==",
+      "dev": true
+    },
+    "node_modules/@angular-devkit/build-angular/node_modules/webpack-dev-server/node_modules/schema-utils": {
+      "version": "4.2.0",
+      "resolved": "https://registry.npmjs.org/schema-utils/-/schema-utils-4.2.0.tgz",
+      "integrity": "sha512-L0jRsrPpjdckP3oPug3/VxNKt2trR8TcabrM6FOAAlvC/9Phcmm+cuAgTlxBqdBR1WJx7Naj9WHw+aOmheSVbw==",
+      "dev": true,
+      "dependencies": {
+        "@types/json-schema": "^7.0.9",
+        "ajv": "^8.9.0",
+        "ajv-formats": "^2.1.1",
+        "ajv-keywords": "^5.1.0"
+      },
+      "engines": {
+        "node": ">= 12.13.0"
+      },
+      "funding": {
+        "type": "opencollective",
+        "url": "https://opencollective.com/webpack"
+      }
+    },
+    "node_modules/@angular-devkit/build-angular/node_modules/webpack-dev-server/node_modules/webpack-dev-middleware": {
+      "version": "5.3.4",
+      "resolved": "https://registry.npmjs.org/webpack-dev-middleware/-/webpack-dev-middleware-5.3.4.tgz",
+      "integrity": "sha512-BVdTqhhs+0IfoeAf7EoH5WE+exCmqGerHfDM0IL096Px60Tq2Mn9MAbnaGUe6HiMa41KMCYF19gyzZmBcq/o4Q==",
+      "dev": true,
+      "dependencies": {
+        "colorette": "^2.0.10",
+        "memfs": "^3.4.3",
+        "mime-types": "^2.1.31",
+        "range-parser": "^1.2.1",
+        "schema-utils": "^4.0.0"
+      },
+      "engines": {
+        "node": ">= 12.13.0"
+      },
+      "funding": {
+        "type": "opencollective",
+        "url": "https://opencollective.com/webpack"
+      },
+      "peerDependencies": {
+        "webpack": "^4.0.0 || ^5.0.0"
+      }
+    },
+    "node_modules/@angular-devkit/build-angular/node_modules/ws": {
+      "version": "8.16.0",
+      "resolved": "https://registry.npmjs.org/ws/-/ws-8.16.0.tgz",
+      "integrity": "sha512-HS0c//TP7Ina87TfiPUz1rQzMhHrl/SG2guqRcTOIUYD2q8uhUdNHZYJUaQ8aTGPzCh+c6oawMKW35nFl1dxyQ==",
+      "dev": true,
+      "engines": {
+        "node": ">=10.0.0"
+      },
+      "peerDependencies": {
+        "bufferutil": "^4.0.1",
+        "utf-8-validate": ">=5.0.2"
+      },
+      "peerDependenciesMeta": {
+        "bufferutil": {
+          "optional": true
+        },
+        "utf-8-validate": {
+          "optional": true
+        }
+      }
+    },
     "node_modules/@angular-devkit/build-webpack": {
       "version": "0.1602.11",
       "resolved": "https://registry.npmjs.org/@angular-devkit/build-webpack/-/build-webpack-0.1602.11.tgz",
@@ -7250,6 +7596,18 @@
         "url": "https://github.com/sindresorhus/is?sponsor=1"
       }
     },
+    "node_modules/@sindresorhus/merge-streams": {
+      "version": "2.3.0",
+      "resolved": "https://registry.npmjs.org/@sindresorhus/merge-streams/-/merge-streams-2.3.0.tgz",
+      "integrity": "sha512-LtoMMhxAlorcGhmFYI+LhPgbPZCkgP6ra1YL604EeF6U98pLlQ3iWIGMdWSC+vWmPBWBNgmDBAhnAobLROJmwg==",
+      "dev": true,
+      "engines": {
+        "node": ">=18"
+      },
+      "funding": {
+        "url": "https://github.com/sponsors/sindresorhus"
+      }
+    },
     "node_modules/@sinonjs/commons": {
       "version": "3.0.0",
       "resolved": "https://registry.npmjs.org/@sinonjs/commons/-/commons-3.0.0.tgz",
@@ -10845,9 +11203,9 @@
       }
     },
     "node_modules/@types/bonjour": {
-      "version": "3.5.10",
-      "resolved": "https://registry.npmjs.org/@types/bonjour/-/bonjour-3.5.10.tgz",
-      "integrity": "sha512-p7ienRMiS41Nu2/igbJxxLDWrSZ0WxM8UQgCeO9KhoVF7cOVFkrKsiDr1EsJIla8vV3oEEjGcz11jc5yimhzZw==",
+      "version": "3.5.13",
+      "resolved": "https://registry.npmjs.org/@types/bonjour/-/bonjour-3.5.13.tgz",
+      "integrity": "sha512-z9fJ5Im06zvUL548KvYNecEVlA7cVDkGUi6kZusb04mpyEFKCIZJvloCcmpmLaIahDpOQGHaHmG6imtPMmPXGQ==",
       "dev": true,
       "dependencies": {
         "@types/node": "*"
@@ -10885,9 +11243,9 @@
       }
     },
     "node_modules/@types/connect-history-api-fallback": {
-      "version": "1.5.0",
-      "resolved": "https://registry.npmjs.org/@types/connect-history-api-fallback/-/connect-history-api-fallback-1.5.0.tgz",
-      "integrity": "sha512-4x5FkPpLipqwthjPsF7ZRbOv3uoLUFkTA9G9v583qi4pACvq0uTELrB8OLUzPWUI4IJIyvM85vzkV1nyiI2Lig==",
+      "version": "1.5.4",
+      "resolved": "https://registry.npmjs.org/@types/connect-history-api-fallback/-/connect-history-api-fallback-1.5.4.tgz",
+      "integrity": "sha512-n6Cr2xS1h4uAulPRdlw6Jl6s1oG8KrVilPN2yUITEs+K48EzMJJ3W1xy8K5eWuFvjp3R74AOIGSmp2UfBJ8HFw==",
       "dev": true,
       "dependencies": {
         "@types/express-serve-static-core": "*",
@@ -10993,9 +11351,9 @@
       "dev": true
     },
     "node_modules/@types/express": {
-      "version": "4.17.17",
-      "resolved": "https://registry.npmjs.org/@types/express/-/express-4.17.17.tgz",
-      "integrity": "sha512-Q4FmmuLGBG58btUnfS1c1r/NQdlp3DMfGDGig8WhfpA2YRUtEkxAjkZb0yvplJGYdF1fsQ81iMDcH24sSCNC/Q==",
+      "version": "4.17.21",
+      "resolved": "https://registry.npmjs.org/@types/express/-/express-4.17.21.tgz",
+      "integrity": "sha512-ejlPM315qwLpaQlQDTjPdsUFSc6ZsP4AN6AlWnogPjQ7CVi7PYF3YVz+CY3jE2pwYf7E/7HlDAN0rV2GxTG0HQ==",
       "dev": true,
       "dependencies": {
         "@types/body-parser": "*",
@@ -11487,20 +11845,21 @@
       }
     },
     "node_modules/@types/serve-index": {
-      "version": "1.9.1",
-      "resolved": "https://registry.npmjs.org/@types/serve-index/-/serve-index-1.9.1.tgz",
-      "integrity": "sha512-d/Hs3nWDxNL2xAczmOVZNj92YZCS6RGxfBPjKzuu/XirCgXdpKEb88dYNbrYGint6IVWLNP+yonwVAuRC0T2Dg==",
+      "version": "1.9.4",
+      "resolved": "https://registry.npmjs.org/@types/serve-index/-/serve-index-1.9.4.tgz",
+      "integrity": "sha512-qLpGZ/c2fhSs5gnYsQxtDEq3Oy8SXPClIXkW5ghvAvsNuVSA8k+gCONcUCS/UjLEYvYps+e8uBtfgXgvhwfNug==",
       "dev": true,
       "dependencies": {
         "@types/express": "*"
       }
     },
     "node_modules/@types/serve-static": {
-      "version": "1.15.1",
-      "resolved": "https://registry.npmjs.org/@types/serve-static/-/serve-static-1.15.1.tgz",
-      "integrity": "sha512-NUo5XNiAdULrJENtJXZZ3fHtfMolzZwczzBbnAeBbqBwG+LaG6YaJtuwzwGSQZ2wsCrxjEhNNjAkKigy3n8teQ==",
+      "version": "1.15.5",
+      "resolved": "https://registry.npmjs.org/@types/serve-static/-/serve-static-1.15.5.tgz",
+      "integrity": "sha512-PDRk21MnK70hja/YF8AHfC7yIsiQHn1rcXx7ijCFBX/k+XQJhQT/gw3xekXKJvx+5SXaMMS8oqQy09Mzvz2TuQ==",
       "dev": true,
       "dependencies": {
+        "@types/http-errors": "*",
         "@types/mime": "*",
         "@types/node": "*"
       }
@@ -11512,9 +11871,9 @@
       "dev": true
     },
     "node_modules/@types/sockjs": {
-      "version": "0.3.33",
-      "resolved": "https://registry.npmjs.org/@types/sockjs/-/sockjs-0.3.33.tgz",
-      "integrity": "sha512-f0KEEe05NvUnat+boPTZ0dgaLZ4SfSouXUgv5noUiefG2ajgKjmETo9ZJyuqsl7dfl2aHlLJUiki6B4ZYldiiw==",
+      "version": "0.3.36",
+      "resolved": "https://registry.npmjs.org/@types/sockjs/-/sockjs-0.3.36.tgz",
+      "integrity": "sha512-MK9V6NzAS1+Ud7JV9lJLFqW85VbC9dq3LmwZCuBe4wBDgKC0Kj/jd8Xl+nSviU+Qc3+m7umHHyHg//2KSa0a0Q==",
       "dev": true,
       "dependencies": {
         "@types/node": "*"
@@ -11582,6 +11941,15 @@
       "integrity": "sha512-D0HJET2/UY6k9L6y3f5BL+IDxZmPkYmPT4+qBrRdmRLYRuV0qNKizMgTvYxXZYn+36zjPeoDZAEYBCM6XB+gww==",
       "dev": true
     },
+    "node_modules/@types/ws": {
+      "version": "8.5.10",
+      "resolved": "https://registry.npmjs.org/@types/ws/-/ws-8.5.10.tgz",
+      "integrity": "sha512-vmQSUcfalpIq0R9q7uTo2lXs6eGIpt9wtnLdMv9LVpIjCA/+ufZRozlVoVelIYixx1ugCBKDhn89vnsEGOCx9A==",
+      "dev": true,
+      "dependencies": {
+        "@types/node": "*"
+      }
+    },
     "node_modules/@types/yargs": {
       "version": "17.0.24",
       "resolved": "https://registry.npmjs.org/@types/yargs/-/yargs-17.0.24.tgz",
@@ -11614,16 +11982,16 @@
       "dev": true
     },
     "node_modules/@typescript-eslint/eslint-plugin": {
-      "version": "6.21.0",
-      "resolved": "https://registry.npmjs.org/@typescript-eslint/eslint-plugin/-/eslint-plugin-6.21.0.tgz",
-      "integrity": "sha512-oy9+hTPCUFpngkEZUSzbf9MxI65wbKFoQYsgPdILTfbUldp5ovUuphZVe4i30emU9M/kP+T64Di0mxl7dSw3MA==",
+      "version": "7.4.0",
+      "resolved": "https://registry.npmjs.org/@typescript-eslint/eslint-plugin/-/eslint-plugin-7.4.0.tgz",
+      "integrity": "sha512-yHMQ/oFaM7HZdVrVm/M2WHaNPgyuJH4WelkSVEWSSsir34kxW2kDJCxlXRhhGWEsMN0WAW/vLpKfKVcm8k+MPw==",
       "dev": true,
       "dependencies": {
         "@eslint-community/regexpp": "^4.5.1",
-        "@typescript-eslint/scope-manager": "6.21.0",
-        "@typescript-eslint/type-utils": "6.21.0",
-        "@typescript-eslint/utils": "6.21.0",
-        "@typescript-eslint/visitor-keys": "6.21.0",
+        "@typescript-eslint/scope-manager": "7.4.0",
+        "@typescript-eslint/type-utils": "7.4.0",
+        "@typescript-eslint/utils": "7.4.0",
+        "@typescript-eslint/visitor-keys": "7.4.0",
         "debug": "^4.3.4",
         "graphemer": "^1.4.0",
         "ignore": "^5.2.4",
@@ -11632,15 +12000,15 @@
         "ts-api-utils": "^1.0.1"
       },
       "engines": {
-        "node": "^16.0.0 || >=18.0.0"
+        "node": "^18.18.0 || >=20.0.0"
       },
       "funding": {
         "type": "opencollective",
         "url": "https://opencollective.com/typescript-eslint"
       },
       "peerDependencies": {
-        "@typescript-eslint/parser": "^6.0.0 || ^6.0.0-alpha",
-        "eslint": "^7.0.0 || ^8.0.0"
+        "@typescript-eslint/parser": "^7.0.0",
+        "eslint": "^8.56.0"
       },
       "peerDependenciesMeta": {
         "typescript": {
@@ -11649,16 +12017,16 @@
       }
     },
     "node_modules/@typescript-eslint/eslint-plugin/node_modules/@typescript-eslint/scope-manager": {
-      "version": "6.21.0",
-      "resolved": "https://registry.npmjs.org/@typescript-eslint/scope-manager/-/scope-manager-6.21.0.tgz",
-      "integrity": "sha512-OwLUIWZJry80O99zvqXVEioyniJMa+d2GrqpUTqi5/v5D5rOrppJVBPa0yKCblcigC0/aYAzxxqQ1B+DS2RYsg==",
+      "version": "7.4.0",
+      "resolved": "https://registry.npmjs.org/@typescript-eslint/scope-manager/-/scope-manager-7.4.0.tgz",
+      "integrity": "sha512-68VqENG5HK27ypafqLVs8qO+RkNc7TezCduYrx8YJpXq2QGZ30vmNZGJJJC48+MVn4G2dCV8m5ZTVnzRexTVtw==",
       "dev": true,
       "dependencies": {
-        "@typescript-eslint/types": "6.21.0",
-        "@typescript-eslint/visitor-keys": "6.21.0"
+        "@typescript-eslint/types": "7.4.0",
+        "@typescript-eslint/visitor-keys": "7.4.0"
       },
       "engines": {
-        "node": "^16.0.0 || >=18.0.0"
+        "node": "^18.18.0 || >=20.0.0"
       },
       "funding": {
         "type": "opencollective",
@@ -11666,25 +12034,25 @@
       }
     },
     "node_modules/@typescript-eslint/eslint-plugin/node_modules/@typescript-eslint/type-utils": {
-      "version": "6.21.0",
-      "resolved": "https://registry.npmjs.org/@typescript-eslint/type-utils/-/type-utils-6.21.0.tgz",
-      "integrity": "sha512-rZQI7wHfao8qMX3Rd3xqeYSMCL3SoiSQLBATSiVKARdFGCYSRvmViieZjqc58jKgs8Y8i9YvVVhRbHSTA4VBag==",
+      "version": "7.4.0",
+      "resolved": "https://registry.npmjs.org/@typescript-eslint/type-utils/-/type-utils-7.4.0.tgz",
+      "integrity": "sha512-247ETeHgr9WTRMqHbbQdzwzhuyaJ8dPTuyuUEMANqzMRB1rj/9qFIuIXK7l0FX9i9FXbHeBQl/4uz6mYuCE7Aw==",
       "dev": true,
       "dependencies": {
-        "@typescript-eslint/typescript-estree": "6.21.0",
-        "@typescript-eslint/utils": "6.21.0",
+        "@typescript-eslint/typescript-estree": "7.4.0",
+        "@typescript-eslint/utils": "7.4.0",
         "debug": "^4.3.4",
         "ts-api-utils": "^1.0.1"
       },
       "engines": {
-        "node": "^16.0.0 || >=18.0.0"
+        "node": "^18.18.0 || >=20.0.0"
       },
       "funding": {
         "type": "opencollective",
         "url": "https://opencollective.com/typescript-eslint"
       },
       "peerDependencies": {
-        "eslint": "^7.0.0 || ^8.0.0"
+        "eslint": "^8.56.0"
       },
       "peerDependenciesMeta": {
         "typescript": {
@@ -11693,12 +12061,12 @@
       }
     },
     "node_modules/@typescript-eslint/eslint-plugin/node_modules/@typescript-eslint/types": {
-      "version": "6.21.0",
-      "resolved": "https://registry.npmjs.org/@typescript-eslint/types/-/types-6.21.0.tgz",
-      "integrity": "sha512-1kFmZ1rOm5epu9NZEZm1kckCDGj5UJEf7P1kliH4LKu/RkwpsfqqGmY2OOcUs18lSlQBKLDYBOGxRVtrMN5lpg==",
+      "version": "7.4.0",
+      "resolved": "https://registry.npmjs.org/@typescript-eslint/types/-/types-7.4.0.tgz",
+      "integrity": "sha512-mjQopsbffzJskos5B4HmbsadSJQWaRK0UxqQ7GuNA9Ga4bEKeiO6b2DnB6cM6bpc8lemaPseh0H9B/wyg+J7rw==",
       "dev": true,
       "engines": {
-        "node": "^16.0.0 || >=18.0.0"
+        "node": "^18.18.0 || >=20.0.0"
       },
       "funding": {
         "type": "opencollective",
@@ -11706,13 +12074,13 @@
       }
     },
     "node_modules/@typescript-eslint/eslint-plugin/node_modules/@typescript-eslint/typescript-estree": {
-      "version": "6.21.0",
-      "resolved": "https://registry.npmjs.org/@typescript-eslint/typescript-estree/-/typescript-estree-6.21.0.tgz",
-      "integrity": "sha512-6npJTkZcO+y2/kr+z0hc4HwNfrrP4kNYh57ek7yCNlrBjWQ1Y0OS7jiZTkgumrvkX5HkEKXFZkkdFNkaW2wmUQ==",
+      "version": "7.4.0",
+      "resolved": "https://registry.npmjs.org/@typescript-eslint/typescript-estree/-/typescript-estree-7.4.0.tgz",
+      "integrity": "sha512-A99j5AYoME/UBQ1ucEbbMEmGkN7SE0BvZFreSnTd1luq7yulcHdyGamZKizU7canpGDWGJ+Q6ZA9SyQobipePg==",
       "dev": true,
       "dependencies": {
-        "@typescript-eslint/types": "6.21.0",
-        "@typescript-eslint/visitor-keys": "6.21.0",
+        "@typescript-eslint/types": "7.4.0",
+        "@typescript-eslint/visitor-keys": "7.4.0",
         "debug": "^4.3.4",
         "globby": "^11.1.0",
         "is-glob": "^4.0.3",
@@ -11721,7 +12089,7 @@
         "ts-api-utils": "^1.0.1"
       },
       "engines": {
-        "node": "^16.0.0 || >=18.0.0"
+        "node": "^18.18.0 || >=20.0.0"
       },
       "funding": {
         "type": "opencollective",
@@ -11734,41 +12102,41 @@
       }
     },
     "node_modules/@typescript-eslint/eslint-plugin/node_modules/@typescript-eslint/utils": {
-      "version": "6.21.0",
-      "resolved": "https://registry.npmjs.org/@typescript-eslint/utils/-/utils-6.21.0.tgz",
-      "integrity": "sha512-NfWVaC8HP9T8cbKQxHcsJBY5YE1O33+jpMwN45qzWWaPDZgLIbo12toGMWnmhvCpd3sIxkpDw3Wv1B3dYrbDQQ==",
+      "version": "7.4.0",
+      "resolved": "https://registry.npmjs.org/@typescript-eslint/utils/-/utils-7.4.0.tgz",
+      "integrity": "sha512-NQt9QLM4Tt8qrlBVY9lkMYzfYtNz8/6qwZg8pI3cMGlPnj6mOpRxxAm7BMJN9K0AiY+1BwJ5lVC650YJqYOuNg==",
       "dev": true,
       "dependencies": {
         "@eslint-community/eslint-utils": "^4.4.0",
         "@types/json-schema": "^7.0.12",
         "@types/semver": "^7.5.0",
-        "@typescript-eslint/scope-manager": "6.21.0",
-        "@typescript-eslint/types": "6.21.0",
-        "@typescript-eslint/typescript-estree": "6.21.0",
+        "@typescript-eslint/scope-manager": "7.4.0",
+        "@typescript-eslint/types": "7.4.0",
+        "@typescript-eslint/typescript-estree": "7.4.0",
         "semver": "^7.5.4"
       },
       "engines": {
-        "node": "^16.0.0 || >=18.0.0"
+        "node": "^18.18.0 || >=20.0.0"
       },
       "funding": {
         "type": "opencollective",
         "url": "https://opencollective.com/typescript-eslint"
       },
       "peerDependencies": {
-        "eslint": "^7.0.0 || ^8.0.0"
+        "eslint": "^8.56.0"
       }
     },
     "node_modules/@typescript-eslint/eslint-plugin/node_modules/@typescript-eslint/visitor-keys": {
-      "version": "6.21.0",
-      "resolved": "https://registry.npmjs.org/@typescript-eslint/visitor-keys/-/visitor-keys-6.21.0.tgz",
-      "integrity": "sha512-JJtkDduxLi9bivAB+cYOVMtbkqdPOhZ+ZI5LC47MIRrDV4Yn2o+ZnW10Nkmr28xRpSpdJ6Sm42Hjf2+REYXm0A==",
+      "version": "7.4.0",
+      "resolved": "https://registry.npmjs.org/@typescript-eslint/visitor-keys/-/visitor-keys-7.4.0.tgz",
+      "integrity": "sha512-0zkC7YM0iX5Y41homUUeW1CHtZR01K3ybjM1l6QczoMuay0XKtrb93kv95AxUGwdjGr64nNqnOCwmEl616N8CA==",
       "dev": true,
       "dependencies": {
-        "@typescript-eslint/types": "6.21.0",
+        "@typescript-eslint/types": "7.4.0",
         "eslint-visitor-keys": "^3.4.1"
       },
       "engines": {
-        "node": "^16.0.0 || >=18.0.0"
+        "node": "^18.18.0 || >=20.0.0"
       },
       "funding": {
         "type": "opencollective",
@@ -11867,26 +12235,26 @@
       }
     },
     "node_modules/@typescript-eslint/parser": {
-      "version": "6.21.0",
-      "resolved": "https://registry.npmjs.org/@typescript-eslint/parser/-/parser-6.21.0.tgz",
-      "integrity": "sha512-tbsV1jPne5CkFQCgPBcDOt30ItF7aJoZL997JSF7MhGQqOeT3svWRYxiqlfA5RUdlHN6Fi+EI9bxqbdyAUZjYQ==",
+      "version": "7.4.0",
+      "resolved": "https://registry.npmjs.org/@typescript-eslint/parser/-/parser-7.4.0.tgz",
+      "integrity": "sha512-ZvKHxHLusweEUVwrGRXXUVzFgnWhigo4JurEj0dGF1tbcGh6buL+ejDdjxOQxv6ytcY1uhun1p2sm8iWStlgLQ==",
       "dev": true,
       "dependencies": {
-        "@typescript-eslint/scope-manager": "6.21.0",
-        "@typescript-eslint/types": "6.21.0",
-        "@typescript-eslint/typescript-estree": "6.21.0",
-        "@typescript-eslint/visitor-keys": "6.21.0",
+        "@typescript-eslint/scope-manager": "7.4.0",
+        "@typescript-eslint/types": "7.4.0",
+        "@typescript-eslint/typescript-estree": "7.4.0",
+        "@typescript-eslint/visitor-keys": "7.4.0",
         "debug": "^4.3.4"
       },
       "engines": {
-        "node": "^16.0.0 || >=18.0.0"
+        "node": "^18.18.0 || >=20.0.0"
       },
       "funding": {
         "type": "opencollective",
         "url": "https://opencollective.com/typescript-eslint"
       },
       "peerDependencies": {
-        "eslint": "^7.0.0 || ^8.0.0"
+        "eslint": "^8.56.0"
       },
       "peerDependenciesMeta": {
         "typescript": {
@@ -11895,16 +12263,16 @@
       }
     },
     "node_modules/@typescript-eslint/parser/node_modules/@typescript-eslint/scope-manager": {
-      "version": "6.21.0",
-      "resolved": "https://registry.npmjs.org/@typescript-eslint/scope-manager/-/scope-manager-6.21.0.tgz",
-      "integrity": "sha512-OwLUIWZJry80O99zvqXVEioyniJMa+d2GrqpUTqi5/v5D5rOrppJVBPa0yKCblcigC0/aYAzxxqQ1B+DS2RYsg==",
+      "version": "7.4.0",
+      "resolved": "https://registry.npmjs.org/@typescript-eslint/scope-manager/-/scope-manager-7.4.0.tgz",
+      "integrity": "sha512-68VqENG5HK27ypafqLVs8qO+RkNc7TezCduYrx8YJpXq2QGZ30vmNZGJJJC48+MVn4G2dCV8m5ZTVnzRexTVtw==",
       "dev": true,
       "dependencies": {
-        "@typescript-eslint/types": "6.21.0",
-        "@typescript-eslint/visitor-keys": "6.21.0"
+        "@typescript-eslint/types": "7.4.0",
+        "@typescript-eslint/visitor-keys": "7.4.0"
       },
       "engines": {
-        "node": "^16.0.0 || >=18.0.0"
+        "node": "^18.18.0 || >=20.0.0"
       },
       "funding": {
         "type": "opencollective",
@@ -11912,12 +12280,12 @@
       }
     },
     "node_modules/@typescript-eslint/parser/node_modules/@typescript-eslint/types": {
-      "version": "6.21.0",
-      "resolved": "https://registry.npmjs.org/@typescript-eslint/types/-/types-6.21.0.tgz",
-      "integrity": "sha512-1kFmZ1rOm5epu9NZEZm1kckCDGj5UJEf7P1kliH4LKu/RkwpsfqqGmY2OOcUs18lSlQBKLDYBOGxRVtrMN5lpg==",
+      "version": "7.4.0",
+      "resolved": "https://registry.npmjs.org/@typescript-eslint/types/-/types-7.4.0.tgz",
+      "integrity": "sha512-mjQopsbffzJskos5B4HmbsadSJQWaRK0UxqQ7GuNA9Ga4bEKeiO6b2DnB6cM6bpc8lemaPseh0H9B/wyg+J7rw==",
       "dev": true,
       "engines": {
-        "node": "^16.0.0 || >=18.0.0"
+        "node": "^18.18.0 || >=20.0.0"
       },
       "funding": {
         "type": "opencollective",
@@ -11925,13 +12293,13 @@
       }
     },
     "node_modules/@typescript-eslint/parser/node_modules/@typescript-eslint/typescript-estree": {
-      "version": "6.21.0",
-      "resolved": "https://registry.npmjs.org/@typescript-eslint/typescript-estree/-/typescript-estree-6.21.0.tgz",
-      "integrity": "sha512-6npJTkZcO+y2/kr+z0hc4HwNfrrP4kNYh57ek7yCNlrBjWQ1Y0OS7jiZTkgumrvkX5HkEKXFZkkdFNkaW2wmUQ==",
+      "version": "7.4.0",
+      "resolved": "https://registry.npmjs.org/@typescript-eslint/typescript-estree/-/typescript-estree-7.4.0.tgz",
+      "integrity": "sha512-A99j5AYoME/UBQ1ucEbbMEmGkN7SE0BvZFreSnTd1luq7yulcHdyGamZKizU7canpGDWGJ+Q6ZA9SyQobipePg==",
       "dev": true,
       "dependencies": {
-        "@typescript-eslint/types": "6.21.0",
-        "@typescript-eslint/visitor-keys": "6.21.0",
+        "@typescript-eslint/types": "7.4.0",
+        "@typescript-eslint/visitor-keys": "7.4.0",
         "debug": "^4.3.4",
         "globby": "^11.1.0",
         "is-glob": "^4.0.3",
@@ -11940,7 +12308,7 @@
         "ts-api-utils": "^1.0.1"
       },
       "engines": {
-        "node": "^16.0.0 || >=18.0.0"
+        "node": "^18.18.0 || >=20.0.0"
       },
       "funding": {
         "type": "opencollective",
@@ -11953,16 +12321,16 @@
       }
     },
     "node_modules/@typescript-eslint/parser/node_modules/@typescript-eslint/visitor-keys": {
-      "version": "6.21.0",
-      "resolved": "https://registry.npmjs.org/@typescript-eslint/visitor-keys/-/visitor-keys-6.21.0.tgz",
-      "integrity": "sha512-JJtkDduxLi9bivAB+cYOVMtbkqdPOhZ+ZI5LC47MIRrDV4Yn2o+ZnW10Nkmr28xRpSpdJ6Sm42Hjf2+REYXm0A==",
+      "version": "7.4.0",
+      "resolved": "https://registry.npmjs.org/@typescript-eslint/visitor-keys/-/visitor-keys-7.4.0.tgz",
+      "integrity": "sha512-0zkC7YM0iX5Y41homUUeW1CHtZR01K3ybjM1l6QczoMuay0XKtrb93kv95AxUGwdjGr64nNqnOCwmEl616N8CA==",
       "dev": true,
       "dependencies": {
-        "@typescript-eslint/types": "6.21.0",
+        "@typescript-eslint/types": "7.4.0",
         "eslint-visitor-keys": "^3.4.1"
       },
       "engines": {
-        "node": "^16.0.0 || >=18.0.0"
+        "node": "^18.18.0 || >=20.0.0"
       },
       "funding": {
         "type": "opencollective",
@@ -14757,23 +15125,15 @@
       }
     },
     "node_modules/bonjour-service": {
-      "version": "1.1.1",
-      "resolved": "https://registry.npmjs.org/bonjour-service/-/bonjour-service-1.1.1.tgz",
-      "integrity": "sha512-Z/5lQRMOG9k7W+FkeGTNjh7htqn/2LMnfOvBZ8pynNZCM9MwkQkI3zeI4oz09uWdcgmgHugVvBqxGg4VQJ5PCg==",
+      "version": "1.2.1",
+      "resolved": "https://registry.npmjs.org/bonjour-service/-/bonjour-service-1.2.1.tgz",
+      "integrity": "sha512-oSzCS2zV14bh2kji6vNe7vrpJYCHGvcZnlffFQ1MEoX/WOeQ/teD8SYWKR942OI3INjq8OMNJlbPK5LLLUxFDw==",
       "dev": true,
       "dependencies": {
-        "array-flatten": "^2.1.2",
-        "dns-equal": "^1.0.0",
         "fast-deep-equal": "^3.1.3",
         "multicast-dns": "^7.2.5"
       }
     },
-    "node_modules/bonjour-service/node_modules/array-flatten": {
-      "version": "2.1.2",
-      "resolved": "https://registry.npmjs.org/array-flatten/-/array-flatten-2.1.2.tgz",
-      "integrity": "sha512-hNfzcOV8W4NdualtqBFPyVO+54DSJuZGY9qT4pRroB6S9e3iiido2ISIC5h9R2sPJ8H3FHCIiEnsv1lPXO3KtQ==",
-      "dev": true
-    },
     "node_modules/boolbase": {
       "version": "1.0.0",
       "resolved": "https://registry.npmjs.org/boolbase/-/boolbase-1.0.0.tgz",
@@ -15171,6 +15531,21 @@
         "semver": "^7.0.0"
       }
     },
+    "node_modules/bundle-name": {
+      "version": "4.1.0",
+      "resolved": "https://registry.npmjs.org/bundle-name/-/bundle-name-4.1.0.tgz",
+      "integrity": "sha512-tjwM5exMg6BGRI+kNmTntNsvdZS1X8BFYS6tnJ2hdH0kVxM6/eVZ2xy+FqStSWvYmtfFMDLIxurorHwDKfDz5Q==",
+      "dev": true,
+      "dependencies": {
+        "run-applescript": "^7.0.0"
+      },
+      "engines": {
+        "node": ">=18"
+      },
+      "funding": {
+        "url": "https://github.com/sponsors/sindresorhus"
+      }
+    },
     "node_modules/busboy": {
       "version": "1.6.0",
       "resolved": "https://registry.npmjs.org/busboy/-/busboy-1.6.0.tgz",
@@ -16516,20 +16891,20 @@
       "integrity": "sha512-3DdaFaU/Zf1AnpLiFDeNCD4TOWe3Zl2RZaTzUvWiIk5ERzcCodOE20Vqq4fzCbNoHURFHT4/us/Lfq+S2zyY4w=="
     },
     "node_modules/copy-webpack-plugin": {
-      "version": "11.0.0",
-      "resolved": "https://registry.npmjs.org/copy-webpack-plugin/-/copy-webpack-plugin-11.0.0.tgz",
-      "integrity": "sha512-fX2MWpamkW0hZxMEg0+mYnA40LTosOSa5TqZ9GYIBzyJa9C3QUaMPSE2xAi/buNr8u89SfD9wHSQVBzrRa/SOQ==",
+      "version": "12.0.2",
+      "resolved": "https://registry.npmjs.org/copy-webpack-plugin/-/copy-webpack-plugin-12.0.2.tgz",
+      "integrity": "sha512-SNwdBeHyII+rWvee/bTnAYyO8vfVdcSTud4EIb6jcZ8inLeWucJE0DnxXQBjlQ5zlteuuvooGQy3LIyGxhvlOA==",
       "dev": true,
       "dependencies": {
-        "fast-glob": "^3.2.11",
+        "fast-glob": "^3.3.2",
         "glob-parent": "^6.0.1",
-        "globby": "^13.1.1",
+        "globby": "^14.0.0",
         "normalize-path": "^3.0.0",
-        "schema-utils": "^4.0.0",
-        "serialize-javascript": "^6.0.0"
+        "schema-utils": "^4.2.0",
+        "serialize-javascript": "^6.0.2"
       },
       "engines": {
-        "node": ">= 14.15.0"
+        "node": ">= 18.12.0"
       },
       "funding": {
         "type": "opencollective",
@@ -16552,28 +16927,29 @@
       }
     },
     "node_modules/copy-webpack-plugin/node_modules/globby": {
-      "version": "13.1.4",
-      "resolved": "https://registry.npmjs.org/globby/-/globby-13.1.4.tgz",
-      "integrity": "sha512-iui/IiiW+QrJ1X1hKH5qwlMQyv34wJAYwH1vrf8b9kBA4sNiif3gKsMHa+BrdnOpEudWjpotfa7LrTzB1ERS/g==",
+      "version": "14.0.1",
+      "resolved": "https://registry.npmjs.org/globby/-/globby-14.0.1.tgz",
+      "integrity": "sha512-jOMLD2Z7MAhyG8aJpNOpmziMOP4rPLcc95oQPKXBazW82z+CEgPFBQvEpRUa1KeIMUJo4Wsm+q6uzO/Q/4BksQ==",
       "dev": true,
       "dependencies": {
-        "dir-glob": "^3.0.1",
-        "fast-glob": "^3.2.11",
-        "ignore": "^5.2.0",
-        "merge2": "^1.4.1",
-        "slash": "^4.0.0"
+        "@sindresorhus/merge-streams": "^2.1.0",
+        "fast-glob": "^3.3.2",
+        "ignore": "^5.2.4",
+        "path-type": "^5.0.0",
+        "slash": "^5.1.0",
+        "unicorn-magic": "^0.1.0"
       },
       "engines": {
-        "node": "^12.20.0 || ^14.13.1 || >=16.0.0"
+        "node": ">=18"
       },
       "funding": {
         "url": "https://github.com/sponsors/sindresorhus"
       }
     },
-    "node_modules/copy-webpack-plugin/node_modules/slash": {
-      "version": "4.0.0",
-      "resolved": "https://registry.npmjs.org/slash/-/slash-4.0.0.tgz",
-      "integrity": "sha512-3dOsAHXXUkQTpOYcoAxLIorMTp4gIQr5IW3iVb7A7lFIp0VHhnynm9izx6TssdrIcVIESAlVjtnO2K8bg+Coew==",
+    "node_modules/copy-webpack-plugin/node_modules/path-type": {
+      "version": "5.0.0",
+      "resolved": "https://registry.npmjs.org/path-type/-/path-type-5.0.0.tgz",
+      "integrity": "sha512-5HviZNaZcfqP95rwpv+1HDgUamezbqdSYTyzjTvwtJSnIH+3vnbmWsItli8OFEndS984VT55M3jduxZbX351gg==",
       "dev": true,
       "engines": {
         "node": ">=12"
@@ -16582,10 +16958,22 @@
         "url": "https://github.com/sponsors/sindresorhus"
       }
     },
+    "node_modules/copy-webpack-plugin/node_modules/slash": {
+      "version": "5.1.0",
+      "resolved": "https://registry.npmjs.org/slash/-/slash-5.1.0.tgz",
+      "integrity": "sha512-ZA6oR3T/pEyuqwMgAKT0/hAv8oAXckzbkmR0UkUosQ+Mc4RxGoJkRmwHgHufaenlyAgE1Mxgpdcrf75y6XcnDg==",
+      "dev": true,
+      "engines": {
+        "node": ">=14.16"
+      },
+      "funding": {
+        "url": "https://github.com/sponsors/sindresorhus"
+      }
+    },
     "node_modules/core-js": {
-      "version": "3.34.0",
-      "resolved": "https://registry.npmjs.org/core-js/-/core-js-3.34.0.tgz",
-      "integrity": "sha512-aDdvlDder8QmY91H88GzNi9EtQi2TjvQhpCX6B1v/dAZHU1AuLgHvRh54RiOerpEhEW46Tkf+vgAViB/CWC0ag==",
+      "version": "3.36.1",
+      "resolved": "https://registry.npmjs.org/core-js/-/core-js-3.36.1.tgz",
+      "integrity": "sha512-BTvUrwxVBezj5SZ3f10ImnX2oRByMxql3EimVqMysepbC9EeMUOpLwdy6Eoili2x6E4kf+ZUB5k/+Jv55alPfA==",
       "hasInstallScript": true,
       "funding": {
         "type": "opencollective",
@@ -16782,19 +17170,19 @@
       }
     },
     "node_modules/css-loader": {
-      "version": "6.8.1",
-      "resolved": "https://registry.npmjs.org/css-loader/-/css-loader-6.8.1.tgz",
-      "integrity": "sha512-xDAXtEVGlD0gJ07iclwWVkLoZOpEvAWaSyf6W18S2pOC//K8+qUDIx8IIT3D+HjnmkJPQeesOPv5aiUaJsCM2g==",
+      "version": "6.10.0",
+      "resolved": "https://registry.npmjs.org/css-loader/-/css-loader-6.10.0.tgz",
+      "integrity": "sha512-LTSA/jWbwdMlk+rhmElbDR2vbtQoTBPr7fkJE+mxrHj+7ru0hUmHafDRzWIjIHTwpitWVaqY2/UWGRca3yUgRw==",
       "dev": true,
       "dependencies": {
         "icss-utils": "^5.1.0",
-        "postcss": "^8.4.21",
+        "postcss": "^8.4.33",
         "postcss-modules-extract-imports": "^3.0.0",
-        "postcss-modules-local-by-default": "^4.0.3",
-        "postcss-modules-scope": "^3.0.0",
+        "postcss-modules-local-by-default": "^4.0.4",
+        "postcss-modules-scope": "^3.1.1",
         "postcss-modules-values": "^4.0.0",
         "postcss-value-parser": "^4.2.0",
-        "semver": "^7.3.8"
+        "semver": "^7.5.4"
       },
       "engines": {
         "node": ">= 12.13.0"
@@ -16804,7 +17192,48 @@
         "url": "https://opencollective.com/webpack"
       },
       "peerDependencies": {
+        "@rspack/core": "0.x || 1.x",
         "webpack": "^5.0.0"
+      },
+      "peerDependenciesMeta": {
+        "@rspack/core": {
+          "optional": true
+        },
+        "webpack": {
+          "optional": true
+        }
+      }
+    },
+    "node_modules/css-loader/node_modules/postcss-modules-local-by-default": {
+      "version": "4.0.4",
+      "resolved": "https://registry.npmjs.org/postcss-modules-local-by-default/-/postcss-modules-local-by-default-4.0.4.tgz",
+      "integrity": "sha512-L4QzMnOdVwRm1Qb8m4x8jsZzKAaPAgrUF1r/hjDR2Xj7R+8Zsf97jAlSQzWtKx5YNiNGN8QxmPFIc/sh+RQl+Q==",
+      "dev": true,
+      "dependencies": {
+        "icss-utils": "^5.0.0",
+        "postcss-selector-parser": "^6.0.2",
+        "postcss-value-parser": "^4.1.0"
+      },
+      "engines": {
+        "node": "^10 || ^12 || >= 14"
+      },
+      "peerDependencies": {
+        "postcss": "^8.1.0"
+      }
+    },
+    "node_modules/css-loader/node_modules/postcss-modules-scope": {
+      "version": "3.1.1",
+      "resolved": "https://registry.npmjs.org/postcss-modules-scope/-/postcss-modules-scope-3.1.1.tgz",
+      "integrity": "sha512-uZgqzdTleelWjzJY+Fhti6F3C9iF1JR/dODLs/JDefozYcKTBCdD8BIl6nNPbTbcLnGrk56hzwZC2DaGNvYjzA==",
+      "dev": true,
+      "dependencies": {
+        "postcss-selector-parser": "^6.0.4"
+      },
+      "engines": {
+        "node": "^10 || ^12 || >= 14"
+      },
+      "peerDependencies": {
+        "postcss": "^8.1.0"
       }
     },
     "node_modules/css-select": {
@@ -17094,6 +17523,22 @@
         "node": ">=0.10.0"
       }
     },
+    "node_modules/default-browser": {
+      "version": "5.2.1",
+      "resolved": "https://registry.npmjs.org/default-browser/-/default-browser-5.2.1.tgz",
+      "integrity": "sha512-WY/3TUME0x3KPYdRRxEJJvXRHV4PyPoUsxtZa78lwItwRQRHhd2U9xOscaT/YTf8uCXIAjeJOFBVEh/7FtD8Xg==",
+      "dev": true,
+      "dependencies": {
+        "bundle-name": "^4.1.0",
+        "default-browser-id": "^5.0.0"
+      },
+      "engines": {
+        "node": ">=18"
+      },
+      "funding": {
+        "url": "https://github.com/sponsors/sindresorhus"
+      }
+    },
     "node_modules/default-browser-id": {
       "version": "3.0.0",
       "resolved": "https://registry.npmjs.org/default-browser-id/-/default-browser-id-3.0.0.tgz",
@@ -17110,6 +17555,18 @@
         "url": "https://github.com/sponsors/sindresorhus"
       }
     },
+    "node_modules/default-browser/node_modules/default-browser-id": {
+      "version": "5.0.0",
+      "resolved": "https://registry.npmjs.org/default-browser-id/-/default-browser-id-5.0.0.tgz",
+      "integrity": "sha512-A6p/pu/6fyBcA1TRz/GqWYPViplrftcW2gZC9q79ngNCKAeR/X3gcEdXQHl4KNXV+3wgIJ1CPkJQ3IHM6lcsyA==",
+      "dev": true,
+      "engines": {
+        "node": ">=18"
+      },
+      "funding": {
+        "url": "https://github.com/sponsors/sindresorhus"
+      }
+    },
     "node_modules/default-compare": {
       "version": "1.0.0",
       "resolved": "https://registry.npmjs.org/default-compare/-/default-compare-1.0.0.tgz",
@@ -17536,12 +17993,6 @@
       "dev": true,
       "optional": true
     },
-    "node_modules/dns-equal": {
-      "version": "1.0.0",
-      "resolved": "https://registry.npmjs.org/dns-equal/-/dns-equal-1.0.0.tgz",
-      "integrity": "sha512-z+paD6YUQsk+AbGCEM4PrOXSss5gd66QfcVBFTKR/HpFL9jCqikS94HYwKww6fQyO7IxrIIyUu+g0Ka9tUS2Cg==",
-      "dev": true
-    },
     "node_modules/dns-packet": {
       "version": "5.6.0",
       "resolved": "https://registry.npmjs.org/dns-packet/-/dns-packet-5.6.0.tgz",
@@ -17853,9 +18304,9 @@
       }
     },
     "node_modules/electron": {
-      "version": "28.2.7",
-      "resolved": "https://registry.npmjs.org/electron/-/electron-28.2.7.tgz",
-      "integrity": "sha512-iEBTYNFuZtLpAS+8ql0ATUWBPAC9uMYqwNJtMLqlT3/zOzHj6aYpwoJILwWgIuTAx+/yTYgARS46Nr/RazxTpg==",
+      "version": "28.2.8",
+      "resolved": "https://registry.npmjs.org/electron/-/electron-28.2.8.tgz",
+      "integrity": "sha512-VgXw2OHqPJkobIC7X9eWh3atptjnELaP+zlbF9Oz00ridlaOWmtLPsp6OaXbLw35URpMr0iYesq8okKp7S0k+g==",
       "dev": true,
       "hasInstallScript": true,
       "dependencies": {
@@ -22361,9 +22812,9 @@
       "dev": true
     },
     "node_modules/html-webpack-plugin": {
-      "version": "5.5.4",
-      "resolved": "https://registry.npmjs.org/html-webpack-plugin/-/html-webpack-plugin-5.5.4.tgz",
-      "integrity": "sha512-3wNSaVVxdxcu0jd4FpQFoICdqgxs4zIQQvj+2yQKFfBOnLETQ6X5CDWdeasuGlSsooFlMkEioWDTqBv1wvw5Iw==",
+      "version": "5.6.0",
+      "resolved": "https://registry.npmjs.org/html-webpack-plugin/-/html-webpack-plugin-5.6.0.tgz",
+      "integrity": "sha512-iwaY4wzbe48AfKLZ/Cc8k0L+FKG6oSNRaZ8x5A/T/IVDGyXcbHncM9TdDa93wn0FsSm82FhTKW7f3vS61thXAw==",
       "dev": true,
       "dependencies": {
         "@types/html-minifier-terser": "^6.0.0",
@@ -22380,7 +22831,16 @@
         "url": "https://opencollective.com/html-webpack-plugin"
       },
       "peerDependencies": {
+        "@rspack/core": "0.x || 1.x",
         "webpack": "^5.20.0"
+      },
+      "peerDependenciesMeta": {
+        "@rspack/core": {
+          "optional": true
+        },
+        "webpack": {
+          "optional": true
+        }
       }
     },
     "node_modules/html-webpack-plugin/node_modules/commander": {
@@ -23458,6 +23918,39 @@
         "node": ">=0.10.0"
       }
     },
+    "node_modules/is-inside-container": {
+      "version": "1.0.0",
+      "resolved": "https://registry.npmjs.org/is-inside-container/-/is-inside-container-1.0.0.tgz",
+      "integrity": "sha512-KIYLCCJghfHZxqjYBE7rEy0OBuTd5xCHS7tHVgvCLkx7StIoaxwNW3hCALgEUjFfeRk+MG/Qxmp/vtETEF3tRA==",
+      "dev": true,
+      "dependencies": {
+        "is-docker": "^3.0.0"
+      },
+      "bin": {
+        "is-inside-container": "cli.js"
+      },
+      "engines": {
+        "node": ">=14.16"
+      },
+      "funding": {
+        "url": "https://github.com/sponsors/sindresorhus"
+      }
+    },
+    "node_modules/is-inside-container/node_modules/is-docker": {
+      "version": "3.0.0",
+      "resolved": "https://registry.npmjs.org/is-docker/-/is-docker-3.0.0.tgz",
+      "integrity": "sha512-eljcgEDlEns/7AXFosB5K/2nCM4P7FQPkGc/DWLy5rmFEWvZayGrik1d9/QIY5nJ4f9YsVvBkA6kJpHn9rISdQ==",
+      "dev": true,
+      "bin": {
+        "is-docker": "cli.js"
+      },
+      "engines": {
+        "node": "^12.20.0 || ^14.13.1 || >=16.0.0"
+      },
+      "funding": {
+        "url": "https://github.com/sponsors/sindresorhus"
+      }
+    },
     "node_modules/is-interactive": {
       "version": "1.0.0",
       "resolved": "https://registry.npmjs.org/is-interactive/-/is-interactive-1.0.0.tgz",
@@ -23518,6 +24011,18 @@
         "url": "https://github.com/sponsors/ljharb"
       }
     },
+    "node_modules/is-network-error": {
+      "version": "1.1.0",
+      "resolved": "https://registry.npmjs.org/is-network-error/-/is-network-error-1.1.0.tgz",
+      "integrity": "sha512-tUdRRAnhT+OtCZR/LxZelH/C7QtjtFrTu5tXCA8pl55eTUElUHT+GPYV8MBMBvea/j+NxQqVt3LbWMRir7Gx9g==",
+      "dev": true,
+      "engines": {
+        "node": ">=16"
+      },
+      "funding": {
+        "url": "https://github.com/sponsors/sindresorhus"
+      }
+    },
     "node_modules/is-number": {
       "version": "7.0.0",
       "resolved": "https://registry.npmjs.org/is-number/-/is-number-7.0.0.tgz",
@@ -25581,13 +26086,13 @@
       }
     },
     "node_modules/launch-editor": {
-      "version": "2.6.0",
-      "resolved": "https://registry.npmjs.org/launch-editor/-/launch-editor-2.6.0.tgz",
-      "integrity": "sha512-JpDCcQnyAAzZZaZ7vEiSqL690w7dAEyLao+KC96zBplnYbJS7TYNjvM3M7y3dGz+v7aIsJk3hllWuc0kWAjyRQ==",
+      "version": "2.6.1",
+      "resolved": "https://registry.npmjs.org/launch-editor/-/launch-editor-2.6.1.tgz",
+      "integrity": "sha512-eB/uXmFVpY4zezmGp5XtU21kwo7GBbKB+EQ+UZeWtGb9yAM5xt/Evk+lYH3eRNAtId+ej4u7TYPFZ07w4s7rRw==",
       "dev": true,
       "dependencies": {
         "picocolors": "^1.0.0",
-        "shell-quote": "^1.7.3"
+        "shell-quote": "^1.8.1"
       }
     },
     "node_modules/lazy-universal-dotenv": {
@@ -30996,25 +31501,34 @@
       }
     },
     "node_modules/postcss-loader": {
-      "version": "7.3.4",
-      "resolved": "https://registry.npmjs.org/postcss-loader/-/postcss-loader-7.3.4.tgz",
-      "integrity": "sha512-iW5WTTBSC5BfsBJ9daFMPVrLT36MrNiC6fqOZTTaHjBNX6Pfd5p+hSBqe/fEeNd7pc13QiAyGt7VdGMw4eRC4A==",
+      "version": "8.1.1",
+      "resolved": "https://registry.npmjs.org/postcss-loader/-/postcss-loader-8.1.1.tgz",
+      "integrity": "sha512-0IeqyAsG6tYiDRCYKQJLAmgQr47DX6N7sFSWvQxt6AcupX8DIdmykuk/o/tx0Lze3ErGHJEp5OSRxrelC6+NdQ==",
       "dev": true,
       "dependencies": {
-        "cosmiconfig": "^8.3.5",
+        "cosmiconfig": "^9.0.0",
         "jiti": "^1.20.0",
         "semver": "^7.5.4"
       },
       "engines": {
-        "node": ">= 14.15.0"
+        "node": ">= 18.12.0"
       },
       "funding": {
         "type": "opencollective",
         "url": "https://opencollective.com/webpack"
       },
       "peerDependencies": {
+        "@rspack/core": "0.x || 1.x",
         "postcss": "^7.0.0 || ^8.0.1",
         "webpack": "^5.0.0"
+      },
+      "peerDependenciesMeta": {
+        "@rspack/core": {
+          "optional": true
+        },
+        "webpack": {
+          "optional": true
+        }
       }
     },
     "node_modules/postcss-loader/node_modules/argparse": {
@@ -31024,15 +31538,15 @@
       "dev": true
     },
     "node_modules/postcss-loader/node_modules/cosmiconfig": {
-      "version": "8.3.6",
-      "resolved": "https://registry.npmjs.org/cosmiconfig/-/cosmiconfig-8.3.6.tgz",
-      "integrity": "sha512-kcZ6+W5QzcJ3P1Mt+83OUv/oHFqZHIx8DuxG6eZ5RGMERoLqp4BuGjhHLYGK+Kf5XVkQvqBSmAy/nGWN3qDgEA==",
+      "version": "9.0.0",
+      "resolved": "https://registry.npmjs.org/cosmiconfig/-/cosmiconfig-9.0.0.tgz",
+      "integrity": "sha512-itvL5h8RETACmOTFc4UfIyB2RfEHi71Ax6E/PivVxq9NseKbOWpeyHEOIbmAw1rs8Ak0VursQNww7lf7YtUwzg==",
       "dev": true,
       "dependencies": {
+        "env-paths": "^2.2.1",
         "import-fresh": "^3.3.0",
         "js-yaml": "^4.1.0",
-        "parse-json": "^5.2.0",
-        "path-type": "^4.0.0"
+        "parse-json": "^5.2.0"
       },
       "engines": {
         "node": ">=14"
@@ -31209,9 +31723,9 @@
       }
     },
     "node_modules/prettier-plugin-tailwindcss": {
-      "version": "0.5.12",
-      "resolved": "https://registry.npmjs.org/prettier-plugin-tailwindcss/-/prettier-plugin-tailwindcss-0.5.12.tgz",
-      "integrity": "sha512-o74kiDBVE73oHW+pdkFSluHBL3cYEvru5YgEqNkBMFF7Cjv+w1vI565lTlfoJT4VLWDe0FMtZ7FkE/7a4pMXSQ==",
+      "version": "0.5.13",
+      "resolved": "https://registry.npmjs.org/prettier-plugin-tailwindcss/-/prettier-plugin-tailwindcss-0.5.13.tgz",
+      "integrity": "sha512-2tPWHCFNC+WRjAC4SIWQNSOdcL1NNkydXim8w7TDqlZi+/ulZYz2OouAI6qMtkggnPt7lGamboj6LcTMwcCvoQ==",
       "dev": true,
       "engines": {
         "node": ">=14.21.3"
@@ -31221,6 +31735,7 @@
         "@prettier/plugin-pug": "*",
         "@shopify/prettier-plugin-liquid": "*",
         "@trivago/prettier-plugin-sort-imports": "*",
+        "@zackad/prettier-plugin-twig-melody": "*",
         "prettier": "^3.0",
         "prettier-plugin-astro": "*",
         "prettier-plugin-css-order": "*",
@@ -31246,6 +31761,9 @@
         "@trivago/prettier-plugin-sort-imports": {
           "optional": true
         },
+        "@zackad/prettier-plugin-twig-melody": {
+          "optional": true
+        },
         "prettier-plugin-astro": {
           "optional": true
         },
@@ -31275,9 +31793,6 @@
         },
         "prettier-plugin-svelte": {
           "optional": true
-        },
-        "prettier-plugin-twig-melody": {
-          "optional": true
         }
       }
     },
@@ -33193,6 +33708,18 @@
       "resolved": "https://registry.npmjs.org/rrweb-cssom/-/rrweb-cssom-0.6.0.tgz",
       "integrity": "sha512-APM0Gt1KoXBz0iIkkdB/kfvGOwC4UuJFeG/c+yV7wSc7q96cG/kJ0HiYCnzivD9SB53cLV1MlHFNfOuPaadYSw=="
     },
+    "node_modules/run-applescript": {
+      "version": "7.0.0",
+      "resolved": "https://registry.npmjs.org/run-applescript/-/run-applescript-7.0.0.tgz",
+      "integrity": "sha512-9by4Ij99JUr/MCFBUkDKLWK3G9HVXmabKz9U5MlIAIuvuzkiOicRYs8XJLxX+xahD+mLiiCYDqF9dKAgtzKP1A==",
+      "dev": true,
+      "engines": {
+        "node": ">=18"
+      },
+      "funding": {
+        "url": "https://github.com/sponsors/sindresorhus"
+      }
+    },
     "node_modules/run-async": {
       "version": "2.4.1",
       "resolved": "https://registry.npmjs.org/run-async/-/run-async-2.4.1.tgz",
@@ -33423,9 +33950,9 @@
       }
     },
     "node_modules/schema-utils": {
-      "version": "4.0.1",
-      "resolved": "https://registry.npmjs.org/schema-utils/-/schema-utils-4.0.1.tgz",
-      "integrity": "sha512-lELhBAAly9NowEsX0yZBlw9ahZG+sK/1RJ21EpzdYHKEs13Vku3LJ+MIPhh4sMs0oCCeufZQEQbMekiA4vuVIQ==",
+      "version": "4.2.0",
+      "resolved": "https://registry.npmjs.org/schema-utils/-/schema-utils-4.2.0.tgz",
+      "integrity": "sha512-L0jRsrPpjdckP3oPug3/VxNKt2trR8TcabrM6FOAAlvC/9Phcmm+cuAgTlxBqdBR1WJx7Naj9WHw+aOmheSVbw==",
       "dev": true,
       "dependencies": {
         "@types/json-schema": "^7.0.9",
@@ -33463,11 +33990,12 @@
       "dev": true
     },
     "node_modules/selfsigned": {
-      "version": "2.1.1",
-      "resolved": "https://registry.npmjs.org/selfsigned/-/selfsigned-2.1.1.tgz",
-      "integrity": "sha512-GSL3aowiF7wa/WtSFwnUrludWFoNhftq8bUkH9pkzjpN2XSPOAYEgg6e0sS9s0rZwgJzJiQRPU18A6clnoW5wQ==",
+      "version": "2.4.1",
+      "resolved": "https://registry.npmjs.org/selfsigned/-/selfsigned-2.4.1.tgz",
+      "integrity": "sha512-th5B4L2U+eGLq1TVh7zNRGBapioSORUeymIydxgFpwww9d2qyKvtuPU2jJuHvYAwwqi2Y596QBL3eEqcPEYL8Q==",
       "dev": true,
       "dependencies": {
+        "@types/node-forge": "^1.3.0",
         "node-forge": "^1"
       },
       "engines": {
@@ -33626,9 +34154,9 @@
       }
     },
     "node_modules/serialize-javascript": {
-      "version": "6.0.1",
-      "resolved": "https://registry.npmjs.org/serialize-javascript/-/serialize-javascript-6.0.1.tgz",
-      "integrity": "sha512-owoXEFjWRllis8/M1Q+Cw5k8ZH40e3zhp/ovX+Xr/vi1qj6QesbyXXViFbpNvWvPNAD62SutwEXavefrLJWj7w==",
+      "version": "6.0.2",
+      "resolved": "https://registry.npmjs.org/serialize-javascript/-/serialize-javascript-6.0.2.tgz",
+      "integrity": "sha512-Saa1xPByTTq2gdeFZYLLo+RFE35NHZkAbqZeWNd3BpzppeVisAqpDjcp8dyf6uIvEqJRd46jemmyA4iFIeVk8g==",
       "dev": true,
       "dependencies": {
         "randombytes": "^2.1.0"
@@ -36001,20 +36529,20 @@
       "dev": true
     },
     "node_modules/tldts": {
-      "version": "6.1.13",
-      "resolved": "https://registry.npmjs.org/tldts/-/tldts-6.1.13.tgz",
-      "integrity": "sha512-+GxHFKVHvUTg2ieNPTx3b/NpZbgJSTZEDdI4cJzTjVYDuxijeHi1tt7CHHsMjLqyc+T50VVgWs3LIb2LrXOzxw==",
+      "version": "6.1.16",
+      "resolved": "https://registry.npmjs.org/tldts/-/tldts-6.1.16.tgz",
+      "integrity": "sha512-X6VrQzW4RymhI1kBRvrWzYlRLXTftZpi7/s/9ZlDILA04yM2lNX7mBvkzDib9L4uSymHt8mBbeaielZMdsAkfQ==",
       "dependencies": {
-        "tldts-core": "^6.1.13"
+        "tldts-core": "^6.1.16"
       },
       "bin": {
         "tldts": "bin/cli.js"
       }
     },
     "node_modules/tldts-core": {
-      "version": "6.1.13",
-      "resolved": "https://registry.npmjs.org/tldts-core/-/tldts-core-6.1.13.tgz",
-      "integrity": "sha512-M1XP4D13YtXARKroULnLsKKuI1NCRAbJmUGGoXqWinajIDOhTeJf/trYUyBoLVx1/Nx1KBKxCrlW57ZW9cMHAA=="
+      "version": "6.1.16",
+      "resolved": "https://registry.npmjs.org/tldts-core/-/tldts-core-6.1.16.tgz",
+      "integrity": "sha512-rxnuCux+zn3hMF57nBzr1m1qGZH7Od2ErbDZjVm04fk76cEynTg3zqvHjx5BsBl8lvRTjpzIhsEGMHDH/Hr2Vw=="
     },
     "node_modules/tmp": {
       "version": "0.0.33",
@@ -36882,6 +37410,18 @@
         "tiny-inflate": "^1.0.0"
       }
     },
+    "node_modules/unicorn-magic": {
+      "version": "0.1.0",
+      "resolved": "https://registry.npmjs.org/unicorn-magic/-/unicorn-magic-0.1.0.tgz",
+      "integrity": "sha512-lRfVq8fE8gz6QMBuDM6a+LO3IAzTi05H6gCVaUpir2E1Rwpo4ZUog45KpNXKC/Mn3Yb9UDuHumeFTo9iV/D9FQ==",
+      "dev": true,
+      "engines": {
+        "node": ">=18"
+      },
+      "funding": {
+        "url": "https://github.com/sponsors/sindresorhus"
+      }
+    },
     "node_modules/unified": {
       "version": "10.1.2",
       "resolved": "https://registry.npmjs.org/unified/-/unified-10.1.2.tgz",
@@ -37914,54 +38454,54 @@
       }
     },
     "node_modules/webpack-dev-server": {
-      "version": "4.15.1",
-      "resolved": "https://registry.npmjs.org/webpack-dev-server/-/webpack-dev-server-4.15.1.tgz",
-      "integrity": "sha512-5hbAst3h3C3L8w6W4P96L5vaV0PxSmJhxZvWKYIdgxOQm8pNZ5dEOmmSLBVpP85ReeyRt6AS1QJNyo/oFFPeVA==",
+      "version": "5.0.4",
+      "resolved": "https://registry.npmjs.org/webpack-dev-server/-/webpack-dev-server-5.0.4.tgz",
+      "integrity": "sha512-dljXhUgx3HqKP2d8J/fUMvhxGhzjeNVarDLcbO/EWMSgRizDkxHQDZQaLFL5VJY9tRBj2Gz+rvCEYYvhbqPHNA==",
       "dev": true,
       "dependencies": {
-        "@types/bonjour": "^3.5.9",
-        "@types/connect-history-api-fallback": "^1.3.5",
-        "@types/express": "^4.17.13",
-        "@types/serve-index": "^1.9.1",
-        "@types/serve-static": "^1.13.10",
-        "@types/sockjs": "^0.3.33",
-        "@types/ws": "^8.5.5",
+        "@types/bonjour": "^3.5.13",
+        "@types/connect-history-api-fallback": "^1.5.4",
+        "@types/express": "^4.17.21",
+        "@types/serve-index": "^1.9.4",
+        "@types/serve-static": "^1.15.5",
+        "@types/sockjs": "^0.3.36",
+        "@types/ws": "^8.5.10",
         "ansi-html-community": "^0.0.8",
-        "bonjour-service": "^1.0.11",
-        "chokidar": "^3.5.3",
+        "bonjour-service": "^1.2.1",
+        "chokidar": "^3.6.0",
         "colorette": "^2.0.10",
         "compression": "^1.7.4",
         "connect-history-api-fallback": "^2.0.0",
         "default-gateway": "^6.0.3",
         "express": "^4.17.3",
         "graceful-fs": "^4.2.6",
-        "html-entities": "^2.3.2",
+        "html-entities": "^2.4.0",
         "http-proxy-middleware": "^2.0.3",
-        "ipaddr.js": "^2.0.1",
-        "launch-editor": "^2.6.0",
-        "open": "^8.0.9",
-        "p-retry": "^4.5.0",
-        "rimraf": "^3.0.2",
-        "schema-utils": "^4.0.0",
-        "selfsigned": "^2.1.1",
+        "ipaddr.js": "^2.1.0",
+        "launch-editor": "^2.6.1",
+        "open": "^10.0.3",
+        "p-retry": "^6.2.0",
+        "rimraf": "^5.0.5",
+        "schema-utils": "^4.2.0",
+        "selfsigned": "^2.4.1",
         "serve-index": "^1.9.1",
         "sockjs": "^0.3.24",
         "spdy": "^4.0.2",
-        "webpack-dev-middleware": "^5.3.1",
-        "ws": "^8.13.0"
+        "webpack-dev-middleware": "^7.1.0",
+        "ws": "^8.16.0"
       },
       "bin": {
         "webpack-dev-server": "bin/webpack-dev-server.js"
       },
       "engines": {
-        "node": ">= 12.13.0"
+        "node": ">= 18.12.0"
       },
       "funding": {
         "type": "opencollective",
         "url": "https://opencollective.com/webpack"
       },
       "peerDependencies": {
-        "webpack": "^4.37.0 || ^5.0.0"
+        "webpack": "^5.0.0"
       },
       "peerDependenciesMeta": {
         "webpack": {
@@ -37972,33 +38512,46 @@
         }
       }
     },
-    "node_modules/webpack-dev-server/node_modules/@types/ws": {
-      "version": "8.5.5",
-      "resolved": "https://registry.npmjs.org/@types/ws/-/ws-8.5.5.tgz",
-      "integrity": "sha512-lwhs8hktwxSjf9UaZ9tG5M03PGogvFaH8gUgLNbN9HKIg0dvv6q+gkSuJ8HN4/VbyxkuLzCjlN7GquQ0gUJfIg==",
-      "dev": true,
-      "dependencies": {
-        "@types/node": "*"
-      }
+    "node_modules/webpack-dev-server/node_modules/@types/retry": {
+      "version": "0.12.2",
+      "resolved": "https://registry.npmjs.org/@types/retry/-/retry-0.12.2.tgz",
+      "integrity": "sha512-XISRgDJ2Tc5q4TRqvgJtzsRkFYNJzZrhTdtMoGVBttwzzQJkPnS3WWTFc7kuDRoPtPakl+T+OfdEUjYJj7Jbow==",
+      "dev": true
     },
-    "node_modules/webpack-dev-server/node_modules/glob": {
-      "version": "7.2.3",
-      "resolved": "https://registry.npmjs.org/glob/-/glob-7.2.3.tgz",
-      "integrity": "sha512-nFR0zLpU2YCaRxwoCJvL6UvCH2JFyFVIvwTLsIf21AuHlMskA1hhTdk+LlYJtOlYt9v6dvszD2BGRqBL+iQK9Q==",
+    "node_modules/webpack-dev-server/node_modules/chokidar": {
+      "version": "3.6.0",
+      "resolved": "https://registry.npmjs.org/chokidar/-/chokidar-3.6.0.tgz",
+      "integrity": "sha512-7VT13fmjotKpGipCW9JEQAusEPE+Ei8nl6/g4FBAmIm0GOOLMua9NDDo/DWp0ZAxCr3cPq5ZpBqmPAQgDda2Pw==",
       "dev": true,
       "dependencies": {
-        "fs.realpath": "^1.0.0",
-        "inflight": "^1.0.4",
-        "inherits": "2",
-        "minimatch": "^3.1.1",
-        "once": "^1.3.0",
-        "path-is-absolute": "^1.0.0"
+        "anymatch": "~3.1.2",
+        "braces": "~3.0.2",
+        "glob-parent": "~5.1.2",
+        "is-binary-path": "~2.1.0",
+        "is-glob": "~4.0.1",
+        "normalize-path": "~3.0.0",
+        "readdirp": "~3.6.0"
       },
       "engines": {
-        "node": "*"
+        "node": ">= 8.10.0"
       },
       "funding": {
-        "url": "https://github.com/sponsors/isaacs"
+        "url": "https://paulmillr.com/funding/"
+      },
+      "optionalDependencies": {
+        "fsevents": "~2.3.2"
+      }
+    },
+    "node_modules/webpack-dev-server/node_modules/define-lazy-prop": {
+      "version": "3.0.0",
+      "resolved": "https://registry.npmjs.org/define-lazy-prop/-/define-lazy-prop-3.0.0.tgz",
+      "integrity": "sha512-N+MeXYoqr3pOgn8xfyRPREN7gHakLYjhsHhWGT3fWAiL4IkAt0iDw14QiiEm2bE30c5XX5q0FtAA3CK5f9/BUg==",
+      "dev": true,
+      "engines": {
+        "node": ">=12"
+      },
+      "funding": {
+        "url": "https://github.com/sponsors/sindresorhus"
       }
     },
     "node_modules/webpack-dev-server/node_modules/ipaddr.js": {
@@ -38010,48 +38563,114 @@
         "node": ">= 10"
       }
     },
-    "node_modules/webpack-dev-server/node_modules/rimraf": {
-      "version": "3.0.2",
-      "resolved": "https://registry.npmjs.org/rimraf/-/rimraf-3.0.2.tgz",
-      "integrity": "sha512-JZkJMZkAGFFPP2YqXZXPbMlMBgsxzE8ILs4lMIX/2o0L9UBw9O/Y3o6wFw/i9YLapcUJWwqbi3kdxIPdC62TIA==",
+    "node_modules/webpack-dev-server/node_modules/is-wsl": {
+      "version": "3.1.0",
+      "resolved": "https://registry.npmjs.org/is-wsl/-/is-wsl-3.1.0.tgz",
+      "integrity": "sha512-UcVfVfaK4Sc4m7X3dUSoHoozQGBEFeDC+zVo06t98xe8CzHSZZBekNXH+tu0NalHolcJ/QAGqS46Hef7QXBIMw==",
       "dev": true,
       "dependencies": {
-        "glob": "^7.1.3"
+        "is-inside-container": "^1.0.0"
       },
-      "bin": {
-        "rimraf": "bin.js"
+      "engines": {
+        "node": ">=16"
       },
       "funding": {
-        "url": "https://github.com/sponsors/isaacs"
+        "url": "https://github.com/sponsors/sindresorhus"
+      }
+    },
+    "node_modules/webpack-dev-server/node_modules/memfs": {
+      "version": "4.8.0",
+      "resolved": "https://registry.npmjs.org/memfs/-/memfs-4.8.0.tgz",
+      "integrity": "sha512-fcs7trFxZlOMadmTw5nyfOwS3il9pr3y+6xzLfXNwmuR/D0i4wz6rJURxArAbcJDGalbpbMvQ/IFI0NojRZgRg==",
+      "dev": true,
+      "dependencies": {
+        "tslib": "^2.0.0"
+      },
+      "engines": {
+        "node": ">= 4.0.0"
+      },
+      "funding": {
+        "type": "github",
+        "url": "https://github.com/sponsors/streamich"
+      }
+    },
+    "node_modules/webpack-dev-server/node_modules/open": {
+      "version": "10.1.0",
+      "resolved": "https://registry.npmjs.org/open/-/open-10.1.0.tgz",
+      "integrity": "sha512-mnkeQ1qP5Ue2wd+aivTD3NHd/lZ96Lu0jgf0pwktLPtx6cTZiH7tyeGRRHs0zX0rbrahXPnXlUnbeXyaBBuIaw==",
+      "dev": true,
+      "dependencies": {
+        "default-browser": "^5.2.1",
+        "define-lazy-prop": "^3.0.0",
+        "is-inside-container": "^1.0.0",
+        "is-wsl": "^3.1.0"
+      },
+      "engines": {
+        "node": ">=18"
+      },
+      "funding": {
+        "url": "https://github.com/sponsors/sindresorhus"
+      }
+    },
+    "node_modules/webpack-dev-server/node_modules/p-retry": {
+      "version": "6.2.0",
+      "resolved": "https://registry.npmjs.org/p-retry/-/p-retry-6.2.0.tgz",
+      "integrity": "sha512-JA6nkq6hKyWLLasXQXUrO4z8BUZGUt/LjlJxx8Gb2+2ntodU/SS63YZ8b0LUTbQ8ZB9iwOfhEPhg4ykKnn2KsA==",
+      "dev": true,
+      "dependencies": {
+        "@types/retry": "0.12.2",
+        "is-network-error": "^1.0.0",
+        "retry": "^0.13.1"
+      },
+      "engines": {
+        "node": ">=16.17"
+      },
+      "funding": {
+        "url": "https://github.com/sponsors/sindresorhus"
+      }
+    },
+    "node_modules/webpack-dev-server/node_modules/retry": {
+      "version": "0.13.1",
+      "resolved": "https://registry.npmjs.org/retry/-/retry-0.13.1.tgz",
+      "integrity": "sha512-XQBQ3I8W1Cge0Seh+6gjj03LbmRFWuoszgK9ooCpwYIrhhoO80pfq4cUkU5DkknwfOfFteRwlZ56PYOGYyFWdg==",
+      "dev": true,
+      "engines": {
+        "node": ">= 4"
       }
     },
     "node_modules/webpack-dev-server/node_modules/webpack-dev-middleware": {
-      "version": "5.3.3",
-      "resolved": "https://registry.npmjs.org/webpack-dev-middleware/-/webpack-dev-middleware-5.3.3.tgz",
-      "integrity": "sha512-hj5CYrY0bZLB+eTO+x/j67Pkrquiy7kWepMHmUMoPsmcUaeEnQJqFzHJOyxgWlq746/wUuA64p9ta34Kyb01pA==",
+      "version": "7.1.1",
+      "resolved": "https://registry.npmjs.org/webpack-dev-middleware/-/webpack-dev-middleware-7.1.1.tgz",
+      "integrity": "sha512-NmRVq4AvRQs66dFWyDR4GsFDJggtSi2Yn38MXLk0nffgF9n/AIP4TFBg2TQKYaRAN4sHuKOTiz9BnNCENDLEVA==",
       "dev": true,
       "dependencies": {
         "colorette": "^2.0.10",
-        "memfs": "^3.4.3",
+        "memfs": "^4.6.0",
         "mime-types": "^2.1.31",
+        "on-finished": "^2.4.1",
         "range-parser": "^1.2.1",
         "schema-utils": "^4.0.0"
       },
       "engines": {
-        "node": ">= 12.13.0"
+        "node": ">= 18.12.0"
       },
       "funding": {
         "type": "opencollective",
         "url": "https://opencollective.com/webpack"
       },
       "peerDependencies": {
-        "webpack": "^4.0.0 || ^5.0.0"
+        "webpack": "^5.0.0"
+      },
+      "peerDependenciesMeta": {
+        "webpack": {
+          "optional": true
+        }
       }
     },
     "node_modules/webpack-dev-server/node_modules/ws": {
-      "version": "8.13.0",
-      "resolved": "https://registry.npmjs.org/ws/-/ws-8.13.0.tgz",
-      "integrity": "sha512-x9vcZYTrFPC7aSIbj7sRCYo7L/Xb8Iy+pW0ng0wt2vCJv7M9HOMy0UoN3rr+IFC7hb7vXoqS+P9ktyLLLhO+LA==",
+      "version": "8.16.0",
+      "resolved": "https://registry.npmjs.org/ws/-/ws-8.16.0.tgz",
+      "integrity": "sha512-HS0c//TP7Ina87TfiPUz1rQzMhHrl/SG2guqRcTOIUYD2q8uhUdNHZYJUaQ8aTGPzCh+c6oawMKW35nFl1dxyQ==",
       "dev": true,
       "engines": {
         "node": ">=10.0.0"
diff --git a/package.json b/package.json
index d201eebcda..88ba36e3c0 100644
--- a/package.json
+++ b/package.json
@@ -78,17 +78,17 @@
     "@types/react": "16.14.57",
     "@types/retry": "0.12.5",
     "@types/zxcvbn": "4.4.4",
-    "@typescript-eslint/eslint-plugin": "6.21.0",
-    "@typescript-eslint/parser": "6.21.0",
+    "@typescript-eslint/eslint-plugin": "7.4.0",
+    "@typescript-eslint/parser": "7.4.0",
     "@webcomponents/custom-elements": "1.6.0",
     "autoprefixer": "10.4.18",
     "base64-loader": "1.0.0",
     "chromatic": "10.9.6",
     "concurrently": "8.2.2",
-    "copy-webpack-plugin": "11.0.0",
+    "copy-webpack-plugin": "12.0.2",
     "cross-env": "7.0.3",
-    "css-loader": "6.8.1",
-    "electron": "28.2.7",
+    "css-loader": "6.10.0",
+    "electron": "28.2.8",
     "electron-builder": "24.13.3",
     "electron-log": "5.0.1",
     "electron-reload": "2.0.0-alpha.1",
@@ -110,7 +110,7 @@
     "gulp-zip": "6.0.0",
     "html-loader": "4.2.0",
     "html-webpack-injector": "1.1.4",
-    "html-webpack-plugin": "5.5.4",
+    "html-webpack-plugin": "5.6.0",
     "husky": "9.0.11",
     "jest-junit": "16.0.0",
     "jest-mock-extended": "3.0.5",
@@ -120,9 +120,9 @@
     "node-ipc": "9.2.1",
     "pkg": "5.8.1",
     "postcss": "8.4.35",
-    "postcss-loader": "7.3.4",
+    "postcss-loader": "8.1.1",
     "prettier": "3.2.2",
-    "prettier-plugin-tailwindcss": "0.5.12",
+    "prettier-plugin-tailwindcss": "0.5.13",
     "process": "0.11.10",
     "react": "18.2.0",
     "react-dom": "18.2.0",
@@ -144,7 +144,7 @@
     "wait-on": "7.2.0",
     "webpack": "5.89.0",
     "webpack-cli": "5.1.4",
-    "webpack-dev-server": "4.15.1",
+    "webpack-dev-server": "5.0.4",
     "webpack-node-externals": "3.0.0"
   },
   "dependencies": {
@@ -171,7 +171,7 @@
     "bufferutil": "4.0.8",
     "chalk": "4.1.2",
     "commander": "11.1.0",
-    "core-js": "3.34.0",
+    "core-js": "3.36.1",
     "duo_web_sdk": "github:duosecurity/duo_web_sdk",
     "form-data": "4.0.0",
     "https-proxy-agent": "7.0.2",
@@ -200,7 +200,7 @@
     "qrious": "4.0.2",
     "rxjs": "7.8.1",
     "tabbable": "6.2.0",
-    "tldts": "6.1.13",
+    "tldts": "6.1.16",
     "utf-8-validate": "6.0.3",
     "zone.js": "0.13.3",
     "zxcvbn": "4.4.2"
@@ -220,7 +220,7 @@
     "*.ts": "eslint --cache --cache-strategy content --fix"
   },
   "engines": {
-    "node": "~18",
+    "node": "^18.18.0",
     "npm": "~9"
   }
 }
diff --git a/tsconfig.eslint.json b/tsconfig.eslint.json
index c8144b97b9..19d35b2896 100644
--- a/tsconfig.eslint.json
+++ b/tsconfig.eslint.json
@@ -22,6 +22,7 @@
       "@bitwarden/common/*": ["./libs/common/src/*"],
       "@bitwarden/components": ["./libs/components/src"],
       "@bitwarden/vault-export-core": [".libs/tools/export/vault-export/vault-export-core/src"],
+      "@bitwarden/vault-export-ui": [".libs/tools/export/vault-export/vault-export-ui/src"],
       "@bitwarden/importer/core": ["./libs/importer/src"],
       "@bitwarden/importer/ui": ["./libs/importer/src/components"],
       "@bitwarden/platform": ["./libs/platform/src"],
diff --git a/tsconfig.json b/tsconfig.json
index 4aaf670dbc..ab3f8861a9 100644
--- a/tsconfig.json
+++ b/tsconfig.json
@@ -23,6 +23,7 @@
       "@bitwarden/common/*": ["./libs/common/src/*"],
       "@bitwarden/components": ["./libs/components/src"],
       "@bitwarden/vault-export-core": ["./libs/tools/export/vault-export/vault-export-core/src"],
+      "@bitwarden/vault-export-ui": ["./libs/tools/export/vault-export/vault-export-ui/src"],
       "@bitwarden/importer/core": ["./libs/importer/src"],
       "@bitwarden/importer/ui": ["./libs/importer/src/components"],
       "@bitwarden/platform": ["./libs/platform/src"],